WO2024088194A1 - Communication method and apparatus, and intelligent driving device - Google Patents
Communication method and apparatus, and intelligent driving device Download PDFInfo
- Publication number
- WO2024088194A1 WO2024088194A1 PCT/CN2023/125866 CN2023125866W WO2024088194A1 WO 2024088194 A1 WO2024088194 A1 WO 2024088194A1 CN 2023125866 W CN2023125866 W CN 2023125866W WO 2024088194 A1 WO2024088194 A1 WO 2024088194A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- memory
- identity information
- service
- kernel
- information
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 419
- 230000006854 communication Effects 0.000 title claims abstract description 60
- 238000004891 communication Methods 0.000 title claims abstract description 59
- 230000008569 process Effects 0.000 claims abstract description 336
- 238000013507 mapping Methods 0.000 claims abstract description 47
- 238000004590 computer program Methods 0.000 claims description 16
- 238000013506 data mapping Methods 0.000 claims description 6
- 238000004140 cleaning Methods 0.000 claims description 3
- 230000006870 function Effects 0.000 description 29
- 238000007726 management method Methods 0.000 description 29
- 238000010586 diagram Methods 0.000 description 17
- 238000012545 processing Methods 0.000 description 16
- 230000000977 initiatory effect Effects 0.000 description 14
- 230000007246 mechanism Effects 0.000 description 13
- 239000003999 initiator Substances 0.000 description 10
- 230000005540 biological transmission Effects 0.000 description 9
- 101100012902 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) FIG2 gene Proteins 0.000 description 4
- 230000008447 perception Effects 0.000 description 4
- 101100055496 Arabidopsis thaliana APP2 gene Proteins 0.000 description 3
- 101001121408 Homo sapiens L-amino-acid oxidase Proteins 0.000 description 3
- 102100026388 L-amino-acid oxidase Human genes 0.000 description 3
- 101100016250 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) GYL1 gene Proteins 0.000 description 3
- 101100233916 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) KAR5 gene Proteins 0.000 description 3
- 238000013473 artificial intelligence Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 101150053844 APP1 gene Proteins 0.000 description 2
- 101100189105 Homo sapiens PABPC4 gene Proteins 0.000 description 2
- 101000827703 Homo sapiens Polyphosphoinositide phosphatase Proteins 0.000 description 2
- 102100039424 Polyadenylate-binding protein 4 Human genes 0.000 description 2
- 102100023591 Polyphosphoinositide phosphatase Human genes 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000446 fuel Substances 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- the present application relates to the field of communications, and more specifically, to a communication method, apparatus and intelligent driving equipment.
- the embodiments of the present application provide a communication method and device, which help to improve the efficiency and security of communication between processes.
- the intelligent driving equipment in this application may include road vehicles, water vehicles, air vehicles, industrial equipment, agricultural equipment, or entertainment equipment, etc.
- the intelligent driving equipment may be a vehicle, which is a vehicle in a broad sense, and may be a vehicle (such as a commercial vehicle, a passenger car, a motorcycle, a flying car, a train, etc.), an industrial vehicle (such as a forklift, a trailer, a tractor, etc.), an engineering vehicle (such as an excavator, a bulldozer, a crane, etc.), agricultural equipment (such as a mower, a harvester, etc.), amusement equipment, a toy vehicle, etc.
- the embodiment of this application does not specifically limit the type of intelligent driving equipment.
- the intelligent driving equipment may be a vehicle such as an airplane or a ship.
- a communication method comprising: allocating a first memory for a first process in a kernel, the first memory comprising a memory for carrying identity information of the first process; filling the identity information of the first process into the first memory; mapping the first memory to obtain a shared memory, so that a second process obtains the identity information of the first process through the shared memory.
- the shared memory is mapped by the kernel to the user-mode process for use, and the receiving process (second process) can obtain the identity information of the initiating process through the shared memory.
- the receiving process does not need to fall into the kernel again to obtain the identity information of the sending process (first process), which helps to reduce the delay of inter-process communication and also helps to improve the efficiency and certainty of communication.
- mapping the first memory to obtain a shared memory includes: mapping the first memory from the kernel to a user state to obtain the shared memory.
- the first process may be a client process or an initiator process.
- the second process may be a server process or a receiver process.
- the identity information of the first process includes service-based identity information of the first process.
- the vehicle-mounted scenario involves various types of operating systems and a multi-component vehicle identity system
- abstract identity information e.g., user identification (UID), group identification (GID) or process identification (PID)
- UID user identification
- GID group identification
- PID process identification
- the second process can obtain the service-based identity information of the first process, and the service-based identity information of the first process can better reflect the identity information of the process in the vehicle-mounted scenario.
- the service-based identity information of the first process includes, but is not limited to, vehicle-wide unique identification information used to define the first process (such as an application).
- the service-based identity information of the first process may include deployment information of the first process (for example, identification information of the ECU where the application is located).
- the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process
- the method also includes: obtaining the abstract identity information of the first process; and determining the service identity information of the first process based on the abstract identity information of the first process and the mapping relationship.
- the kernel stores the mapping relationship between the abstract identity information of the first process and the service identity information of the first process.
- the kernel can obtain the abstract identity information of the first process, and then determine the service identity information of the first process based on the abstract identity information and the mapping relationship.
- the service identity information of the first process can be filled into the first memory.
- the second process can obtain the service identity information of the first process from the shared memory. In this way, the second process does not need to obtain the service identity information of the first process through the execution management module EM, which helps to reduce the delay of inter-process communication.
- obtaining the abstracted identity information of the first process includes: obtaining the abstracted identity information of the first process when the first process is started.
- the method further includes: when the first process exits, clearing the mapping relationship.
- mapping relationship saved in the kernel can be cleared, which helps to avoid leakage of the identity information of the first process.
- the method further includes: controlling visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
- the visibility of the first process and the second process to the first memory can be controlled through the attribute information of the virtual address page table.
- the two ends of the communication can implement a strictly one-way zero-trust model, which helps to improve the security of the identity information transmission mechanism.
- the visibility of the first process and the second process to the first memory is controlled according to the attribute information of the virtual address page table, including: controlling the first process to be invisible to the first memory and controlling the second process to be readable but not writable to the first memory according to the attribute information of the virtual address page table.
- the identity information of the first process can be protected, thereby helping to improve the security of the identity information transmission mechanism.
- the first memory also includes a memory for carrying payload data of the first process
- the method also includes: filling the payload data in the shared memory so that the second process obtains the payload data through the shared memory.
- the memory used to carry identity information and the memory used to carry payload data can be allocated at one time, and the memory used to carry identity information can be filled in one time when allocated, which helps to reduce the impact of the identity information transmission mechanism on performance in the entire communication.
- the memory used to carry the identity information of the first process and the memory used to carry the payload data of the first process are decoupled, so that the first memory can be fixed-length and the memory used to carry the payload data can achieve zero copy during the mapping process, which helps to further reduce the latency of inter-process communication.
- the second process obtains the identity information of the first process through a pointer address offset.
- the length of the memory in the first memory used to carry the identity information is a preset length.
- the length of the memory used to carry the identity information can be a preset length, so that the receiving end process can quickly obtain the identity information of the first process through the pointer address offset.
- a communication device which includes: a memory allocation unit, used to allocate a first memory for a first process in a kernel, the first memory including a memory for carrying identity information of the first process; a data filling unit, used to fill the identity information of the first process into the first memory; and a data mapping unit, used to map the first memory to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory.
- the identity information of the first process includes service-based identity information of the first process.
- the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process
- the device also includes: an acquisition unit for acquiring the abstract identity information of the first process; a determination unit for determining the service identity information of the first process based on the abstract identity information of the first process and the mapping relationship.
- the device further includes: a data cleaning unit, configured to clean up the mapping relationship when the first process exits.
- the device also includes: a control unit, used to control visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
- control unit is used to: control the first process to be invisible to the first memory and control the second process to be readable but not writable to the first memory according to attribute information of the virtual address page table.
- the first memory further includes a memory for carrying the payload data of the first process
- the data filling unit is further used to: fill the payload data in the shared memory so that the second process can Save and obtain the load data.
- the second process obtains the identity information of the first process through a pointer address offset.
- a communication device which includes a processing unit and a storage unit, wherein the storage unit is used to store instructions, and the processing unit executes the instructions stored in the storage unit to enable the device to perform any possible method in the first aspect.
- an intelligent driving device which includes any possible device in the second aspect or the third aspect.
- the intelligent driving device is a vehicle.
- a computer program product comprising: a computer program code, when the computer program code is run on a computer, the computer executes any possible method in the above-mentioned first aspect.
- the above-mentioned computer program code can be stored in whole or in part on the first storage medium, wherein the first storage medium can be packaged together with the processor or separately packaged with the processor, and the embodiments of the present application do not specifically limit this.
- a computer-readable medium stores a program code, and when the computer program code is executed on a computer, the computer executes any possible method in the first aspect.
- an embodiment of the present application provides a chip system, which includes a processor for calling a computer program or computer instructions stored in a memory so that the processor executes any possible method in the above-mentioned first aspect.
- the processor is coupled to the memory via an interface.
- the chip system also includes a memory, in which a computer program or computer instructions are stored.
- an embodiment of the present application provides a chip, the chip comprising a circuit, and the circuit is used to execute any possible method in the above-mentioned first aspect.
- FIG1 is a functional block diagram of an intelligent driving device provided in an embodiment of the present application.
- FIG2 is a diagram of an access control architecture of a vehicle-mounted system provided in an embodiment of the present application.
- FIG3 is a schematic block diagram of an operating system provided in an embodiment of the present application.
- FIG4 is a schematic flowchart of a communication method provided in an embodiment of the present application.
- FIG5 is another schematic flowchart of the communication method provided in an embodiment of the present application.
- FIG6 is a schematic diagram of secure inter-process communication provided in an embodiment of the present application.
- FIG. 7 is a schematic diagram of the service-based identity information saved by the calling identity management module provided in an embodiment of the present application.
- FIG8 is a schematic diagram of the visibility of the processes at both ends in the inter-process communication IPC driver control identity data provided by an embodiment of the present application.
- FIG9 is a schematic diagram of a receiving end process obtaining identity information of an initiating end process through a pointer address offset provided by an embodiment of the present application.
- FIG. 10 is a schematic block diagram of a communication device provided in an embodiment of the application.
- prefixes such as “first” and “second” are used only to distinguish different description objects, and have no limiting effect on the position, order, priority, quantity or content of the described objects.
- the use of prefixes such as ordinal numbers to distinguish description objects in the embodiments of the present application does not constitute a limitation on the described objects.
- the meaning of "multiple" is two or more.
- FIG1 is a functional block diagram of an intelligent driving device 100 provided in an embodiment of the present application.
- the intelligent driving device 100 may include a perception system 110 and a computing platform 120, wherein the perception system 110 may include one or more sensors for sensing information about the environment surrounding the intelligent driving device 100.
- the perception system 110 may include a positioning system, and the positioning system may be a global positioning system (GPS), a Beidou system, or other positioning systems.
- the perception system 110 may also include an inertial measurement unit.
- IMU inertial measurement unit
- laser radar a laser radar
- millimeter-wave radar a millimeter-wave radar
- ultrasonic radar an ultrasonic radar
- the computing platform 120 may include one or more processors, such as processors 121 to 12n (n is a positive integer).
- the processor is a circuit with signal processing capability.
- the processor may be a circuit with instruction reading and execution capability, such as a central processing unit (CPU), a microprocessor, a graphics processing unit (GPU) (which can be understood as a microprocessor), or a digital signal processor (DSP); in another implementation, the processor may implement certain functions through the logical relationship of a hardware circuit, and the logical relationship of the hardware circuit is fixed or reconfigurable, such as a hardware circuit implemented by an application-specific integrated circuit (ASIC) or a programmable logic device (PLD), such as a field programmable gate array (FPGA).
- ASIC application-specific integrated circuit
- PLD programmable logic device
- the process of the processor loading a configuration document to implement the hardware circuit configuration can be understood as the process of the processor loading instructions to implement the functions of some or all of the above units.
- the processor can also be a hardware circuit designed for artificial intelligence, which can be understood as an ASIC, such as a neural network processing unit (NPU), a tensor processing unit (TPU), a deep learning processing unit (DPU), etc.
- the computing platform 120 can also include a memory, the memory is used to store instructions, and some or all of the processors 121 to 12n can call instructions in the memory to implement corresponding functions.
- FIG2 shows a diagram of the vehicle system access control architecture provided by an embodiment of the present application.
- the vehicle system access control architecture includes a subject, an information system, a functional model, kernel services (KS) and a virtual memory manager (VMM).
- the subject includes over the air (OTA) upgrade service, vehicle history record (VHR), device authentication, vehicle cloud communication service, remote interaction, map update, AUTomotive open system architecture (AutoSAR) standard interface, AutoSAR internal interface and communication management (CM) agent.
- the information system includes a CM framework (CM skeleton), secure shared memory within the operating system (OS), and secure cryptographic identities between OSs.
- AutoSAR standard function modules include AutoSAR log module, AutoSAR network management module, AutoSAR persistent storage module, AutoSAR execution management module (AutoSAR execution management, AutoSAR EM), AutoSAR process health management module, AutoSAR cryptographic service module, AutoSAR intrusion detection module, AutoSAR time synchronization module and AutoSAR upgrade management module, etc.
- AutoSAR internal function modules include power management module, file management module, device management module and network protocol stack.
- KS includes trusted execution environment (TEE), kernel object and heterogeneous devices, among which TEE includes trusted application (TA), key, etc.
- Kernel objects include files, drivers, interrupts, networks, memory and processes, etc.
- Heterogeneous devices include microcontroller unit (MCU), acceleration engine, hardware security module (HSM), CPU, GPU, etc.
- VMM includes a virtual memory access control module and a trusted security base.
- the CM framework is used to query the permissions of the AutoSAR identity and access management module (AutoSAR IAM), and the AutoSAR standard function module is used to query the fine-grained access permissions (e.g., key slot) of AutoSAR IAM.
- AutoSAR IAM can communicate with ECU A and ECU B respectively.
- FIG3 shows a schematic block diagram of an operating system 300 provided in an embodiment of the present application.
- the operating system 300 may include multiple user-mode processes (e.g., application (APP) 1 and APP2), a kernel/trusted base, virtual memory, and physical memory.
- APP1 may be used as a client process (or, an initiator process)
- APP2 may be used as a server process (or, a receiver process).
- client process or, an initiator process
- server process or, a receiver process
- two processes in an operating system are isolated from each other, and one process cannot directly access the memory address of another process.
- the operating system 300 shown in FIG. 3 may be located in the computing platform 120 shown in FIG. 1 .
- IPC inter-process communication
- the inter-process communication method (Unix domain socket, UDS) provided by the Linux kernel can enable the server process to obtain the abstract identity information (for example, UID, GID or PID) of the client process.
- UDS Uniix domain socket
- APP2 must make at least one additional system call to obtain the abstract identity information of APP1 from the kernel. This system call will affect the latency and determinism of communication.
- the implementation of a common IPC usually requires the help of the kernel or a trusted base.
- the acquisition of identity information in the current solution is Access cannot be integrated with the acquisition of payload data, and additional communication or system calls are required to obtain the identity information of the corresponding process from the kernel.
- the transmission of abstract identity information cannot well reflect the service-oriented identity of the vehicle software, which brings difficulties to the implementation of further access control.
- the binding of payload data and identity information in IPC can be achieved, which helps to reduce the latency of inter-process communication and also helps to improve the efficiency and certainty of communication.
- FIG4 shows a schematic flow chart of a communication method 400 provided in an embodiment of the present application.
- the method 400 may be executed by the intelligent driving device 100, or the method 400 may be executed by the computing platform 120, or the method 400 may be executed by a system-on-a-chip (SoC) in the computing platform 120, or the method 400 may be executed by a processor in the computing platform 120.
- SoC system-on-a-chip
- the method 400 includes:
- S410 Allocate a first memory for a first process in a kernel, where the first memory includes a memory for carrying identity information of the first process.
- the first process may be a client process or an initiator process.
- the first process may be the application 1 in FIG. 3 .
- the method 400 further includes: allocating a second memory for the first process in the kernel, the second memory being a memory for carrying payload data.
- the payload data may not be filled in the second memory. In this way, zero copy of the payload data during the mapping process can be achieved, thereby helping to reduce the latency of inter-process communication.
- S420 Fill the identity information of the first process into the first memory.
- the identity information of the first process may be abstract identity information of the first process.
- the abstract identity information of the first process includes but is not limited to one or more of UID, GID or PID.
- the identity information of the first process may be service-based identity information of the first process.
- the service-based identity information of the first process includes, but is not limited to, vehicle-wide unique identification information for defining the first process (such as an application).
- the service-based identity information of the first process may include deployment information of the first process (for example, identification information of the ECU where the application is located).
- the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process.
- the method 400 also includes: obtaining the abstract identity information of the first process; and determining the service identity information of the first process based on the abstract identity information of the first process and the mapping relationship.
- S430 Map the first memory to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory.
- the second process may be a server process or a receiver process.
- mapping the first memory includes: mapping the first memory from a kernel to a user state.
- the method 400 further includes: when the first process exits, clearing the mapping relationship.
- mapping relationship saved in the kernel can be cleared, which helps to avoid leakage of the identity information of the first process.
- the second process may obtain the abstract identity information of the first process through the shared memory.
- the second process may send the abstract identity information of the first process to the EM.
- the EM may send the service identity information of the first process to the second process based on the abstract identity information of the first process.
- the method 400 further includes: controlling visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
- the visibility of the first process and the second process to the first memory is controlled according to the attribute information of the virtual address page table, including: according to the attribute information of the virtual address page table, the first process is controlled to be invisible to the first memory and the second process is controlled to be readable but not writable to the first memory.
- the identity information of the first process can be protected, thereby helping to improve the security of the identity information transmission mechanism.
- the first memory also includes a memory for carrying payload data of the first process
- the method 400 further includes: filling the payload data in the shared memory, so that the second process obtains the payload data through the shared memory.
- the first memory includes a third memory and a fourth memory
- the third memory is used to carry the identity information of the first process
- the fourth memory is used to carry the payload data of the first process.
- the identity information of the first process can be filled in the third memory and the payload data of the first process is not filled in the fourth memory.
- the shared memory obtained after mapping from the kernel to the user state includes the identity information of the first process.
- the payload data of the first process is not included.
- the first process can fill the payload data of the first process in the memory used to carry the payload data of the first process in the shared memory. In this way, zero copy of the payload data in the memory mapping process is achieved.
- the length of the memory in the first memory used to carry the identity information is a preset length.
- the memory used to carry identity information and the memory used to carry payload data can be decoupled, so that the fixed length of the memory used to carry identity information can be achieved, and the second process can quickly obtain the identity information of the first process, which helps to improve the efficiency of inter-process communication and also helps to reduce the latency of inter-process communication.
- the payload data is zero-copied throughout the process, which also helps to further reduce the latency of inter-process communication.
- the second process obtains the identity information of the first process through a pointer address offset.
- the memory used to carry identity information can be of fixed length, so that the second process can quickly obtain the identity information of the first process by means of pointer address offset, which helps to reduce the delay of communication between processes.
- FIG5 shows a schematic diagram of a communication method 500 provided in an embodiment of the present application.
- the data transmitted by an IPC may include two parts, such as payload data and notification information, wherein the payload data may include information indicating the memory address of the data, and the receiving process may read the data according to the memory address; the notification information may include the identity information of the initiating process.
- the payload data may be transmitted between processes through a zero-copy mechanism, such as shared memory.
- the transmission of notification information is usually implemented based on some synchronization mechanism of the kernel, such as a pipe, a semaphore or a socket.
- the transmission of identity information can be transmitted along with the notification between processes.
- the inter-process communication method 500 may include the following steps:
- the execution management module (EM) obtains the identity information of the application from the configuration file of the application.
- the EM may be the AutoSAR EM shown in FIG2.
- the EM may be used to provide environment variables required by the application at runtime, or may be used by the application to control resource usage.
- Fig. 6 shows a schematic diagram of secure inter-process communication provided by an embodiment of the present application.
- a configuration file may be generated, and the configuration file may include the identity information of the application.
- the identity information of the application may include abstract identity information and service identity information of the application.
- the abstract identity information of the application includes but is not limited to the UID, GID or PID of the application.
- the identity information of a process is generally represented by the process ID, or PID.
- PID process ID
- Some operating systems set different UIDs for different processes and use UID as the identity information of the process. Since the in-vehicle scenario involves multiple types of operating systems and a multi-component vehicle identity system, neither PID nor UID can fully reflect the identity information of the process in the in-vehicle scenario. Service-based identity information can better reflect the identity information of the process in the in-vehicle scenario.
- the service-based identity information of the application includes, but is not limited to, the vehicle-wide unique identification information used to define the application.
- the vehicle-wide unique identification information may be defined according to product requirements.
- the vehicle-wide unique identification information may include the deployment information of the application (e.g., the identification information of the ECU where the application is located).
- the identification information of the ECU where the application is located may be the serial number of the ECU where the application is located.
- S502 when the EM controls the start-up of the initiating end process (application 1), the EM sets the abstract identity information of the process to the identity management module of the kernel through a system call.
- the client process and the server process can be started by EM.
- EM has a parent-child relationship with the client process and the server process, so EM has the service identity information of all processes. These service identity information actually comes from the identity information statically configured by the user. Finally, these service identity information are injected by EM into the identity management module in the kernel with a higher security level for storage.
- FIG7 shows a schematic diagram of calling the service-based identity information saved by the identity management module provided in an embodiment of the present application.
- the EM starts the process, the abstract identity information of the process is set to the kernel through a system call.
- the identity management module in the kernel can establish a mapping relationship between the abstract identity information of the process and the service-based identity information.
- the EM can notify the identity management module to complete the cleanup of the identity information to avoid resource leakage.
- the EM can send an indication message 1 to the identity management module, and the indication message 1 is used to instruct the identity management module to establish a mapping relationship between the abstract identity information (for example, PID) of the process and the service-based identity information (the identification information of the ECU where the process is located). For example, when the identity management module receives the indication message 1, it can establish a mapping relationship between the abstract identity information of the process and the service-based identity information.
- the EM can send an indication message 2 to the identity management module, and the indication message 2 is used to instruct the identity management module to clean up the mapping relationship between the abstract identity information of the process and the service-based identity information. For example, when the identity management module receives the indication message 2, it can clean up the mapping relationship between the abstract identity information of the process and the service-based identity information.
- the EM controls the initiator process (application 1) to start.
- EM controlling the start of application 1 can also be understood as EM launching application 1 .
- the initiator process (application 1) instructs the IPC driver to perform IPC initialization.
- Application 1 instructing the IPC driver to perform IPC initialization can also be understood as application 1 calling the IPC initialization interface.
- the IPC driver handle (IPC handle) is the return value of the IPC driver initialization.
- the IPC driver receives the instruction of IPC initialization and allocates a notification memory block for the initiator process (application 1).
- the above notification memory block may be the first memory in the above method 400 .
- the notification memory block may include an identity data memory, wherein the identity data memory may be used to carry identity information of the application 1 .
- the notification memory block may include a memory for carrying payload data and the identity data memory.
- the IPC driver obtains the identity information of the initiator process (application 1) from the identity management module and fills it into the identity data memory.
- the kernel has the ability to obtain the abstract identity information of the process.
- the IPC driver can obtain the service identity information of application 1 from the identity management module and bind the IPC handle to the service identity information of application 1.
- the identity management module can obtain the abstract identity information (e.g., PID) of application 1 through the task control block (TCB) of application 1, and then obtain the service identity information of application 1 injected by EM according to the mapping relationship between the abstract identity information and the service identity information.
- the service identity information can be filled into the identity data memory by the IPC driver module.
- the IPC driver performs memory mapping for the sending process (application 1) and the receiving process (application 2), obtains shared memory and records the mapping information in the IPC description blocks (notification blocks) at both ends of the communication.
- the IPC driver can control the visibility of the identity data memory in the processes at both ends by controlling the mapped virtual address page table.
- Figure 8 shows a schematic diagram of the visibility of the identity data memory in the two end processes provided by the IPC driver provided in the embodiment of the present application.
- the initiating end process (application 1) is not visible to the identity data memory
- the receiving end process (application 2) can read but not write to the identity data memory.
- the IPC driver can control the visibility of the identity data memory to the processes at both ends by setting the attribute information of the virtual address page table.
- the IPC driver can control the application 1 to be invisible to the identity data memory and control the application 2 to be readable but not writable to the identity data memory by setting the attribute information of the virtual address page table.
- the two ends of the communication can implement a strictly one-way zero-trust model.
- the receiving end process can have zero trust in the initiating end process, and the receiving end process can safely and efficiently obtain the identity information of the initiating end process.
- the initiator process (application 1) writes the payload data into the shared memory.
- the shared memory can be obtained.
- the initiator process (application 1) writes the payload data into the memory used to carry the payload data in the shared memory.
- the payload data may include information for indicating a memory address of the data.
- the initiating end process (application 1) sends a notification to the receiving end process (application 2) using the kernel synchronization mechanism.
- the kernel synchronization mechanism includes a Futex mechanism.
- the process of the initiator process sending a notification to the receiver process through the kernel synchronization mechanism can refer to the implementation method in the prior art, and this is not specifically limited in the embodiments of the present application.
- the receiving end process (application 2) reads the payload data and identity information of the sending end process (application 1) through the shared memory.
- FIG9 shows a schematic diagram of a receiving end process obtaining the identity information of an initiating end process through a pointer address offset provided by an embodiment of the present application.
- the IPC driver performs memory mapping, it can determine that the virtual addresses of the entire notification memory block sequence are continuous. In this way, the receiving end process can simply use the pointer address offset to access the identity data memory, thereby obtaining the identity information of the initiating end process.
- the notification memory block may be of fixed length (eg, 8 KB), wherein the length of the memory used to carry the payload data may be 6 KB, and the length of the identity data memory may be 2 KB.
- the memory used to carry the payload data can be decoupled from the identity data memory, so that the identity data memory can be fixed-length and the payload data can be zero-copy throughout the process.
- the memory used to carry the payload data and the identity data memory are allocated once when the IPC is initialized.
- the identity data memory is filled once when it is allocated.
- the receiving process does not need to fall into the kernel again to obtain the identity information of the initiating process, which reduces the identity transmission mechanism in the entire communication. The impact of the communication process on communication performance.
- the receiving end process can verify the access rights of the initiating end process based on the middleware access control mechanism and the identity information of the initiating end process (application 1) obtained from the shared memory.
- the receiving end process (application 2) can obtain the payload data in the shared memory.
- the receiving end process (application 2) can also access the data memory according to the memory address of the data indicated in the payload data.
- the shared memory is mapped by the kernel to the user-mode process for use. After the receiving end process is notified and awakened, the identity information of the initiating end process can be obtained through the shared memory. In this way, the receiving end process does not need to fall into the kernel again to obtain the identity information of the sending end process, which helps to reduce the delay of inter-process communication and also helps to improve the efficiency and certainty of communication.
- An embodiment of the present application also provides a device for implementing any of the above methods.
- a device is provided including units (or means) for implementing each step performed by an intelligent driving device or a computing platform in any of the above methods.
- FIG10 shows a schematic block diagram of a communication device 1000 provided in an embodiment of the present application.
- the communication device 1000 includes:
- a memory allocation unit 1010 configured to allocate a first memory to a first process in the kernel, wherein the first memory includes a memory for carrying identity information of the first process;
- a data filling unit 1020 configured to fill the identity information of the first process into the first memory
- the data mapping unit 1030 is used to map the first memory to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory.
- the identity information of the first process includes service-based identity information of the first process.
- the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process
- the device 1000 also includes: an acquisition unit for acquiring the abstract identity information of the first process; a determination unit for determining the service identity information of the first process based on the abstract identity information of the first process and the mapping relationship.
- the device 1000 further includes: a data cleaning unit, configured to clean up the mapping relationship when the first process exits.
- a data cleaning unit configured to clean up the mapping relationship when the first process exits.
- the device 1000 further includes: a control unit, configured to control visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
- a control unit configured to control visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
- control unit is used to: control the first process to be invisible to the first memory and control the second process to be readable but not writable to the first memory according to attribute information of the virtual address page table.
- the first memory also includes a memory for carrying the payload data of the first process
- the data filling unit 1020 is further used to fill the payload data in the shared memory so that the second process obtains the payload data through the shared memory.
- the second process obtains the identity information of the first process through a pointer address offset.
- the memory allocation unit 1010 may be the computing platform in Figure 1 or a processing circuit, processor or controller in the computing platform. Taking the memory allocation unit 1010 as the processor 121 in the computing platform as an example, the processor 121 may allocate the first memory for the first process in the kernel.
- the data filling unit 1020 may be the computing platform in Figure 1 or a processing circuit, processor or controller in the computing platform. Taking the data filling unit 1020 as the processor 122 in the computing platform as an example, the processor 122 may fill the identity information of the first process in the first memory allocated by the processor 121 in the kernel.
- the data mapping unit 1030 may be the computing platform in FIG1 or a processing circuit, a processor, or a controller in the computing platform.
- the processor 12n may map the first memory to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory.
- the processor 12n may map the first memory in the kernel state to the user state, so that the second process obtains the identity information of the first process through the shared memory mapped to the user state.
- the functions implemented by the above memory allocation unit 1010, the functions implemented by the data filling unit 1020 and the functions implemented by the data mapping unit 1030 can be implemented by different processors respectively, or some functions can be implemented by the same processor, or all functions can be implemented by the same processor, and the embodiments of the present application are not limited to this.
- the division of the units in the above device is only a division of logical functions. In actual implementation, they can be fully or partially integrated into one physical entity, or they can be physically separated.
- the units in the device can be implemented in the form of a processor calling software; for example, the device includes a processor, the processor is connected to a memory, the memory stores instructions, and the processor calls the instructions stored in the memory to implement any of the above methods or to implement the functions of the units of the device, wherein the processor is, for example, a general-purpose processor, such as a CPU or a microprocessor, and the memory is a memory inside the device or a memory outside the device.
- the units in the device can be implemented in the form of hardware circuits, and the functions of some or all units can be realized by designing the hardware circuits.
- the hardware circuit can be understood as one or more processors; for example, in one implementation In the present invention, the hardware circuit is an ASIC, and the functions of some or all of the above units are realized by designing the logical relationship of the components in the circuit; for example, in another implementation, the hardware circuit can be realized by PLD, taking FPGA as an example, which can include a large number of logic gate circuits, and the connection relationship between the logic gate circuits is configured by the configuration file, so as to realize the functions of some or all of the above units. All units of the above device can be realized in the form of software called by the processor, or in the form of hardware circuit, or in part by software called by the processor, and the rest by hardware circuit.
- a processor is a circuit with the ability to process signals.
- the processor may be a circuit with the ability to read and run instructions, such as a CPU, a microprocessor, a GPU, or a DSP; in another implementation, the processor may implement certain functions through the logical relationship of a hardware circuit, and the logical relationship of the hardware circuit is fixed or reconfigurable, such as a hardware circuit implemented by an ASIC or PLD, such as an FPGA.
- the process of the processor loading a configuration document to implement the hardware circuit configuration can be understood as the process of the processor loading instructions to implement the functions of some or all of the above units.
- it can also be a hardware circuit designed for artificial intelligence, which can be understood as an ASIC, such as an NPU, TPU, DPU, etc.
- each unit in the above device can be one or more processors (or processing circuits) configured to implement the above method, such as: CPU, GPU, NPU, TPU, DPU, microprocessor, DSP, ASIC, FPGA, or a combination of at least two of these processor forms.
- processors or processing circuits
- the SOC may include at least one processor for implementing any of the above methods or implementing the functions of each unit of the device.
- the type of the at least one processor may be different, for example, including a CPU and an FPGA, a CPU and an artificial intelligence processor, a CPU and a GPU, etc.
- An embodiment of the present application also provides a device, which includes a processing unit and a storage unit, wherein the storage unit is used to store instructions, and the processing unit executes the instructions stored in the storage unit so that the device executes the method or steps executed by the above embodiment.
- the processing unit may be the processor 121 - 12n shown in FIG. 1 .
- An embodiment of the present application also provides an intelligent driving device, which may include the above-mentioned communication device 1000.
- the intelligent driving device may be a vehicle.
- the embodiment of the present application further provides a computer program product, which includes: a computer program code, and when the computer program code is executed on a computer, the computer executes the above method.
- the embodiment of the present application further provides a computer-readable medium, wherein the computer-readable medium stores a program code.
- the computer program code is executed on a computer, the computer executes the above method.
- each step of the above method can be completed by an integrated logic circuit of hardware in a processor or an instruction in the form of software.
- the method disclosed in conjunction with the embodiment of the present application can be directly embodied as a hardware processor for execution, or a combination of hardware and software modules in a processor for execution.
- the software module can be located in a mature storage medium in the art such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, or a power-on erasable programmable memory, a register, etc.
- the storage medium is located in a memory, and the processor reads the information in the memory and completes the steps of the above method in conjunction with its hardware. To avoid repetition, it is not described in detail here.
- the memory may include a read-only memory and a random access memory, and provide instructions and data to the processor.
- the size of the serial numbers of the above-mentioned processes does not mean the order of execution.
- the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
- the disclosed systems, devices and methods can be implemented in other ways.
- the device embodiments described above are only schematic.
- the division of the units is only a logical function division. There may be other division methods in actual implementation, such as multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed.
- Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be through some interfaces, indirect coupling or communication connection of devices or units, which can be electrical, mechanical or other forms.
- the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected to achieve the purpose of the solution of this embodiment.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- the functions are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium.
- the computer software product is stored in a storage medium, including several instructions for a computer device (which can be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in each embodiment of the present application.
- the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), disk or optical disk, and other media that can store program codes.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of the present application provide a communication method and apparatus, and an intelligent driving device. The method comprises: allocating, in a kernel, a first memory to a first process, the first memory comprising a memory used for carrying identity information of the first process; filling the first memory with the identity information of the first process; and mapping the first memory to obtain a shared memory, such that a second process acquires the identity information of the first process by means of the shared memory. The embodiments of the present application can be applied to intelligent vehicles or electric vehicles, thereby facilitating the reduction of the delay in inter-process communication and also facilitating the improvement of the communication efficiency and certainty.
Description
本申请涉及通信领域,并且更具体地,涉及一种通信方法、装置和智能驾驶设备。The present application relates to the field of communications, and more specifically, to a communication method, apparatus and intelligent driving equipment.
相比于传统燃油车辆,智能网联车辆需要面对来自整个互联网的攻击者。这为车辆从业者,尤其是车辆软件从业者,带来巨大的挑战。在自动驾驶领域,车辆软件从业者更要应对智能化带来的新的安全课题。只有解决数字安全问题,自动驾驶平台才能保证用户的安全驾驶。Compared with traditional fuel vehicles, intelligent connected vehicles need to face attackers from the entire Internet. This brings huge challenges to vehicle practitioners, especially vehicle software practitioners. In the field of autonomous driving, vehicle software practitioners must deal with new security issues brought about by intelligence. Only by solving digital security issues can the autonomous driving platform ensure the safety of users' driving.
通常提及的安全通信更多偏向于安全的网络通信,或者是电子控制单元(electronic control unit,ECU)之间的通信。但实际在车辆运行当中,由于服务化部署以及操作系统的微内核发展趋势,使得进程之间如何进行高效且安全的通信成为一个亟待解决的问题。The commonly mentioned secure communication is more inclined to secure network communication or communication between electronic control units (ECUs). However, in actual vehicle operation, due to the service-oriented deployment and the development trend of the microkernel of the operating system, how to communicate efficiently and securely between processes has become an urgent problem to be solved.
发明内容Summary of the invention
本申请实施例提供一种通信方法和装置,有助于提升进程之间通信的效率和安全性。The embodiments of the present application provide a communication method and device, which help to improve the efficiency and security of communication between processes.
本申请中的智能驾驶设备可以包括路上交通工具、水上交通工具、空中交通工具、工业设备、农业设备、或娱乐设备等。例如智能驾驶设备可以为车辆,该车辆为广义概念上的车辆,可以是交通工具(如商用车、乘用车、摩托车、飞行车、火车等),工业车辆(如:叉车、挂车、牵引车等),工程车辆(如挖掘机、推土车、吊车等),农用设备(如割草机、收割机等),游乐设备,玩具车辆等,本申请实施例对智能驾驶设备的类型不作具体限定。再如,智能驾驶设备可以为飞机、或轮船等交通工具。The intelligent driving equipment in this application may include road vehicles, water vehicles, air vehicles, industrial equipment, agricultural equipment, or entertainment equipment, etc. For example, the intelligent driving equipment may be a vehicle, which is a vehicle in a broad sense, and may be a vehicle (such as a commercial vehicle, a passenger car, a motorcycle, a flying car, a train, etc.), an industrial vehicle (such as a forklift, a trailer, a tractor, etc.), an engineering vehicle (such as an excavator, a bulldozer, a crane, etc.), agricultural equipment (such as a mower, a harvester, etc.), amusement equipment, a toy vehicle, etc. The embodiment of this application does not specifically limit the type of intelligent driving equipment. For another example, the intelligent driving equipment may be a vehicle such as an airplane or a ship.
第一方面,提供了一种通信方法,该方法包括:在内核中为第一进程分配第一内存,该第一内存包括用于承载该第一进程的身份信息的内存;将该第一进程的身份信息填入该第一内存中;对该第一内存进行映射,得到共享内存,以使得第二进程通过该共享内存获取该第一进程的身份信息。In a first aspect, a communication method is provided, the method comprising: allocating a first memory for a first process in a kernel, the first memory comprising a memory for carrying identity information of the first process; filling the identity information of the first process into the first memory; mapping the first memory to obtain a shared memory, so that a second process obtains the identity information of the first process through the shared memory.
本申请实施例中,共享内存是由内核映射给用户态进程使用的,接收端进程(第二进程)可以通过该共享内存获取发起端进程的身份信息。这样,无需接收端进程再次陷入内核来获取发送端进程(第一进程)的身份信息,有助于降低进程间通信的时延,也有助于提升通信的效率和确定性。In the embodiment of the present application, the shared memory is mapped by the kernel to the user-mode process for use, and the receiving process (second process) can obtain the identity information of the initiating process through the shared memory. In this way, the receiving process does not need to fall into the kernel again to obtain the identity information of the sending process (first process), which helps to reduce the delay of inter-process communication and also helps to improve the efficiency and certainty of communication.
在一些可能的实现方式中,对该第一内存进行映射,得到共享内存,包括:将该第一内存从该内核映射至用户态,获得该共享内存。In some possible implementations, mapping the first memory to obtain a shared memory includes: mapping the first memory from the kernel to a user state to obtain the shared memory.
在一些可能的实现方式中,该第一进程可以为客户端进程或者发起端进程。In some possible implementations, the first process may be a client process or an initiator process.
在一些可能的实现方式中,该第二进程可以为服务端进程或者接收端进程。In some possible implementations, the second process may be a server process or a receiver process.
结合第一方面,在第一方面的某些实现方式中,该第一进程的身份信息包括该第一进程的服务化身份信息。In combination with the first aspect, in some implementations of the first aspect, the identity information of the first process includes service-based identity information of the first process.
由于车载场景涉及多种类型的操作系统以及多部件的整车身份体系,所以抽象化身份信息(例如,用户标识(user identity,UID)、组标识(group identity,GID)或者进程标识(process identity,PID))不能完整反映车载场景中进程的身份信息。本申请实施例中,第二进程可以获取第一进程的服务化身份信息,通过第一进程的服务化身份信息可以更好的反应车载场景中进程的身份信息。Since the vehicle-mounted scenario involves various types of operating systems and a multi-component vehicle identity system, abstract identity information (e.g., user identification (UID), group identification (GID) or process identification (PID)) cannot fully reflect the identity information of the process in the vehicle-mounted scenario. In the embodiment of the present application, the second process can obtain the service-based identity information of the first process, and the service-based identity information of the first process can better reflect the identity information of the process in the vehicle-mounted scenario.
在一些可能的实现方式中,第一进程的服务化身份信息包括但不限于用于定义该第一进程(如应用程序)的整车唯一标识信息。例如,第一进程的服务化身份信息可以包括该第一进程的部署信息(例如,应用程序所处的ECU的标识信息)。In some possible implementations, the service-based identity information of the first process includes, but is not limited to, vehicle-wide unique identification information used to define the first process (such as an application). For example, the service-based identity information of the first process may include deployment information of the first process (for example, identification information of the ECU where the application is located).
结合第一方面,在第一方面的某些实现方式中,该内核中保存有该第一进程的抽象化身份信息与该第一进程的服务化身份信息之间的映射关系,该方法还包括:获取该第一进程的抽象化身份信息;根据该第一进程的抽象化身份信息以及该映射关系,确定该第一进程的服务化身份信息。In combination with the first aspect, in certain implementations of the first aspect, the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process, and the method also includes: obtaining the abstract identity information of the first process; and determining the service identity information of the first process based on the abstract identity information of the first process and the mapping relationship.
本申请实施例中,内核中保存第一进程的抽象化身份信息与第一进程的服务化身份信息之间的映射关系。在第一进程启动时内核可以获取第一进程的抽象化身份信息,从而根据该抽象化身份信息以及该映射关系,可以确定第一进程的服务化身份信息。从而可以将第一进程的服务化身份信息填入第一内存
中,在进行内存映射后第二进程可以从共享内存中获取该第一进程的服务化身份信息。这样,无需第二进程通过执行管理模块EM获取第一进程的服务化身份信息,有助于降低进程间通信的时延。In the embodiment of the present application, the kernel stores the mapping relationship between the abstract identity information of the first process and the service identity information of the first process. When the first process is started, the kernel can obtain the abstract identity information of the first process, and then determine the service identity information of the first process based on the abstract identity information and the mapping relationship. Thus, the service identity information of the first process can be filled into the first memory. In the example, after memory mapping, the second process can obtain the service identity information of the first process from the shared memory. In this way, the second process does not need to obtain the service identity information of the first process through the execution management module EM, which helps to reduce the delay of inter-process communication.
在一些可能的实现方式中,获取该第一进程的抽象化身份信息,包括:在第一进程启动时,获取该第一进程的抽象化身份信息。In some possible implementations, obtaining the abstracted identity information of the first process includes: obtaining the abstracted identity information of the first process when the first process is started.
结合第一方面,在第一方面的某些实现方式中,该方法还包括:在该第一进程退出时,清理该映射关系。In combination with the first aspect, in some implementations of the first aspect, the method further includes: when the first process exits, clearing the mapping relationship.
本申请实施例中,在第一进程退出时,可以清理内核中保存的该映射关系,有助于避免第一进程的身份信息的泄露。In an embodiment of the present application, when the first process exits, the mapping relationship saved in the kernel can be cleared, which helps to avoid leakage of the identity information of the first process.
结合第一方面,在第一方面的某些实现方式中,该方法还包括:根据虚拟地址页表的属性信息,控制该第一进程和该的第二进程对该第一内存的可见性。In combination with the first aspect, in some implementations of the first aspect, the method further includes: controlling visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
本申请实施例中,通过虚拟地址页表的属性信息,可以控制第一进程和第二进程对第一内存的可见性。这样,通信两端可以实现严格单向的零信任模型,有助于提升身份信息传递机制的安全性。In the embodiment of the present application, the visibility of the first process and the second process to the first memory can be controlled through the attribute information of the virtual address page table. In this way, the two ends of the communication can implement a strictly one-way zero-trust model, which helps to improve the security of the identity information transmission mechanism.
结合第一方面,在第一方面的某些实现方式中,该根据虚拟地址页表的属性信息,控制该第一进程和该的第二进程对该第一内存的可见性,包括:根据该虚拟地址页表的属性信息,控制该第一进程对该第一内存不可见且控制该第二进程对该第一内存可读且不可写。In combination with the first aspect, in certain implementations of the first aspect, the visibility of the first process and the second process to the first memory is controlled according to the attribute information of the virtual address page table, including: controlling the first process to be invisible to the first memory and controlling the second process to be readable but not writable to the first memory according to the attribute information of the virtual address page table.
本申请实施例中,通过控制第一进程对该第一内存不可见且控制第二进程对该第一内存可读且不可写,可以实现对第一进程的身份信息的保护,从而有助于有提升身份信息传递机制的安全性。In the embodiment of the present application, by controlling the first process to be invisible to the first memory and controlling the second process to be readable but not writable to the first memory, the identity information of the first process can be protected, thereby helping to improve the security of the identity information transmission mechanism.
结合第一方面,在第一方面的某些实现方式中,该第一内存还包括用于承载该第一进程的载荷数据的内存,该方法还包括:在该共享内存中填入该载荷数据,以使得该第二进程通过该共享内存获取该载荷数据。In combination with the first aspect, in certain implementations of the first aspect, the first memory also includes a memory for carrying payload data of the first process, and the method also includes: filling the payload data in the shared memory so that the second process obtains the payload data through the shared memory.
本申请实施例中,用于承载身份信息的内存和用于承载载荷数据的内存可以一次性分配,用于承载身份信息的内存在分配时可以一次性填充完成,有助于降低身份信息传递机制在整个通信中对性能的影响。In an embodiment of the present application, the memory used to carry identity information and the memory used to carry payload data can be allocated at one time, and the memory used to carry identity information can be filled in one time when allocated, which helps to reduce the impact of the identity information transmission mechanism on performance in the entire communication.
用于承载第一进程的身份信息的内存和用于承载第一进程的载荷数据的内存解耦,从而可以实现第一内存定长且用于承载载荷数据的内存在映射过程中实现零拷贝,有助于进一步降低进程间通信的时延。The memory used to carry the identity information of the first process and the memory used to carry the payload data of the first process are decoupled, so that the first memory can be fixed-length and the memory used to carry the payload data can achieve zero copy during the mapping process, which helps to further reduce the latency of inter-process communication.
结合第一方面,在第一方面的某些实现方式中,该第二进程通过指针地址偏移获取该第一进程的身份信息。In combination with the first aspect, in some implementations of the first aspect, the second process obtains the identity information of the first process through a pointer address offset.
在一些可能的实现方式中,该第一内存中用于承载身份信息的内存的长度为预设长度。In some possible implementations, the length of the memory in the first memory used to carry the identity information is a preset length.
本申请实施例中,用于承载身份信息的内存的长度可以为预设长度,这样接收端进程可以通过指针地址偏移快速获取该第一进程的身份信息。In the embodiment of the present application, the length of the memory used to carry the identity information can be a preset length, so that the receiving end process can quickly obtain the identity information of the first process through the pointer address offset.
第二方面,提供了一种通信装置,该通信装置包括:内存分配单元,用于在内核中为第一进程分配第一内存,该第一内存包括用于承载该第一进程的身份信息的内存;数据填充单元,用于将该第一进程的身份信息填入该第一内存中;数据映射单元,用于对该第一内存进行映射,得到共享内存,以使得第二进程通过该共享内存获取该第一进程的身份信息。In a second aspect, a communication device is provided, which includes: a memory allocation unit, used to allocate a first memory for a first process in a kernel, the first memory including a memory for carrying identity information of the first process; a data filling unit, used to fill the identity information of the first process into the first memory; and a data mapping unit, used to map the first memory to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory.
结合第二方面,在第二方面的某些实现方式中,该第一进程的身份信息包括该第一进程的服务化身份信息。In combination with the second aspect, in some implementations of the second aspect, the identity information of the first process includes service-based identity information of the first process.
结合第二方面,在第二方面的某些实现方式中,该内核中保存有该第一进程的抽象化身份信息与该第一进程的服务化身份信息之间的映射关系,该装置还包括:获取单元,用于获取该第一进程的抽象化身份信息;确定单元,用于根据该第一进程的抽象化身份信息以及该映射关系,确定该第一进程的服务化身份信息。In combination with the second aspect, in certain implementations of the second aspect, the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process, and the device also includes: an acquisition unit for acquiring the abstract identity information of the first process; a determination unit for determining the service identity information of the first process based on the abstract identity information of the first process and the mapping relationship.
结合第二方面,在第二方面的某些实现方式中,该装置还包括:数据清理单元,用于在该第一进程退出时,清理该映射关系。In combination with the second aspect, in some implementations of the second aspect, the device further includes: a data cleaning unit, configured to clean up the mapping relationship when the first process exits.
结合第二方面,在第二方面的某些实现方式中,该装置还包括:控制单元,用于根据虚拟地址页表的属性信息,控制该第一进程和该的第二进程对该第一内存的可见性。In combination with the second aspect, in some implementations of the second aspect, the device also includes: a control unit, used to control visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
结合第二方面,在第二方面的某些实现方式中,该控制单元,用于:根据该虚拟地址页表的属性信息,控制该第一进程对该第一内存不可见且控制该第二进程对该第一内存可读且不可写。In combination with the second aspect, in some implementations of the second aspect, the control unit is used to: control the first process to be invisible to the first memory and control the second process to be readable but not writable to the first memory according to attribute information of the virtual address page table.
结合第二方面,在第二方面的某些实现方式中,该第一内存还包括用于承载该第一进程的载荷数据的内存,该数据填充单元,还用于:在该共享内存中填入该载荷数据,以使得该第二进程通过该共享内
存获取该载荷数据。In conjunction with the second aspect, in some implementations of the second aspect, the first memory further includes a memory for carrying the payload data of the first process, and the data filling unit is further used to: fill the payload data in the shared memory so that the second process can Save and obtain the load data.
结合第二方面,在第二方面的某些实现方式中,该第二进程通过指针地址偏移获取该第一进程的身份信息。In combination with the second aspect, in some implementations of the second aspect, the second process obtains the identity information of the first process through a pointer address offset.
第三方面,提供了一种通信装置,该通信装置包括处理单元和存储单元,其中存储单元用于存储指令,处理单元执行存储单元所存储的指令,以使该装置执行第一方面中任一种可能的方法。In a third aspect, a communication device is provided, which includes a processing unit and a storage unit, wherein the storage unit is used to store instructions, and the processing unit executes the instructions stored in the storage unit to enable the device to perform any possible method in the first aspect.
第四方面,提供了一种智能驾驶设备,该智能驾驶设备包括第二方面或者第三方面中任一种可能的装置。In a fourth aspect, an intelligent driving device is provided, which includes any possible device in the second aspect or the third aspect.
在一些可能的实现方式中,该智能驾驶设备为车辆。In some possible implementations, the intelligent driving device is a vehicle.
第五方面,提供了一种计算机程序产品,所述计算机程序产品包括:计算机程序代码,当所述计算机程序代码在计算机上运行时,使得计算机执行上述第一方面中任一种可能的方法。In a fifth aspect, a computer program product is provided, the computer program product comprising: a computer program code, when the computer program code is run on a computer, the computer executes any possible method in the above-mentioned first aspect.
需要说明的是,上述计算机程序代码可以全部或者部分存储在第一存储介质上,其中第一存储介质可以与处理器封装在一起的,也可以与处理器单独封装,本申请实施例对此不作具体限定。It should be noted that the above-mentioned computer program code can be stored in whole or in part on the first storage medium, wherein the first storage medium can be packaged together with the processor or separately packaged with the processor, and the embodiments of the present application do not specifically limit this.
第六方面,提供了一种计算机可读介质,所述计算机可读介质存储有程序代码,当所述计算机程序代码在计算机上运行时,使得计算机执行上述第一方面中任一种可能的方法。In a sixth aspect, a computer-readable medium is provided, wherein the computer-readable medium stores a program code, and when the computer program code is executed on a computer, the computer executes any possible method in the first aspect.
第七方面,本申请实施例提供了一种芯片系统,该芯片系统包括处理器,用于调用存储器中存储的计算机程序或计算机指令,以使得该处理器执行上述第一方面中任一种可能的方法。In a seventh aspect, an embodiment of the present application provides a chip system, which includes a processor for calling a computer program or computer instructions stored in a memory so that the processor executes any possible method in the above-mentioned first aspect.
结合第七方面,在一种可能的实现方式中,该处理器通过接口与存储器耦合。In combination with the seventh aspect, in one possible implementation, the processor is coupled to the memory via an interface.
结合第七方面,在一种可能的实现方式中,该芯片系统还包括存储器,该存储器中存储有计算机程序或计算机指令。In combination with the seventh aspect, in a possible implementation, the chip system also includes a memory, in which a computer program or computer instructions are stored.
第八方面,本申请实施例提供了一种芯片,该芯片包括电路,该电路用于执行上述第一方面中任一种可能的方法。In an eighth aspect, an embodiment of the present application provides a chip, the chip comprising a circuit, and the circuit is used to execute any possible method in the above-mentioned first aspect.
图1是本申请实施例提供的智能驾驶设备的一个功能框图示意。FIG1 is a functional block diagram of an intelligent driving device provided in an embodiment of the present application.
图2是本申请实施例提供的车载系统访问控制架构图。FIG2 is a diagram of an access control architecture of a vehicle-mounted system provided in an embodiment of the present application.
图3是本申请实施例提供的操作系统的示意性框图。FIG3 is a schematic block diagram of an operating system provided in an embodiment of the present application.
图4是本申请实施例提供的通信方法的示意性流程图。FIG4 is a schematic flowchart of a communication method provided in an embodiment of the present application.
图5是本申请实施例提供的通信方法的另一示意性流程图。FIG5 is another schematic flowchart of the communication method provided in an embodiment of the present application.
图6是本申请实施例提供的进程间安全通信的示意图。FIG6 is a schematic diagram of secure inter-process communication provided in an embodiment of the present application.
图7是本申请实施例提供的调用身份管理模块保存的服务化身份信息的示意图。FIG. 7 is a schematic diagram of the service-based identity information saved by the calling identity management module provided in an embodiment of the present application.
图8是本申请实施例提供的进程间通信IPC驱动控制身份数据内存在两端进程的可见性的示意图。FIG8 is a schematic diagram of the visibility of the processes at both ends in the inter-process communication IPC driver control identity data provided by an embodiment of the present application.
图9是本申请实施例提供的接收端进程通过指针地址偏移获取发起端进程的身份信息的示意图。FIG9 is a schematic diagram of a receiving end process obtaining identity information of an initiating end process through a pointer address offset provided by an embodiment of the present application.
图10是申请实施例提供的通信装置的示意性框图。FIG. 10 is a schematic block diagram of a communication device provided in an embodiment of the application.
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行描述。其中,在本申请实施例的描述中,除非另有说明,“/”表示或的意思,例如,A/B可以表示A或B;本文中的“和/或”仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。The technical solution in the embodiment of the present application will be described below in conjunction with the drawings in the embodiment of the present application. In the description of the embodiment of the present application, unless otherwise specified, "/" means or, for example, A/B can mean A or B; "and/or" in this article is only a description of the association relationship of associated objects, indicating that there can be three relationships, for example, A and/or B can mean: A exists alone, A and B exist at the same time, and B exists alone.
本申请实施例中采用诸如“第一”、“第二”的前缀词,仅仅为了区分不同的描述对象,对被描述对象的位置、顺序、优先级、数量或内容等没有限定作用。本申请实施例中对序数词等用于区分描述对象的前缀词的使用不对所描述对象构成限制,对所描述对象的陈述参见权利要求或实施例中上下文的描述,不应因为使用这种前缀词而构成多余的限制。此外,在本实施例的描述中,除非另有说明,“多个”的含义是两个或两个以上。In the embodiments of the present application, prefixes such as "first" and "second" are used only to distinguish different description objects, and have no limiting effect on the position, order, priority, quantity or content of the described objects. The use of prefixes such as ordinal numbers to distinguish description objects in the embodiments of the present application does not constitute a limitation on the described objects. For the statement of the described objects, please refer to the description in the context of the claims or embodiments, and no unnecessary limitation should be constituted due to the use of such prefixes. In addition, in the description of the present embodiment, unless otherwise specified, the meaning of "multiple" is two or more.
图1是本申请实施例提供的智能驾驶设备100的一个功能框图示意。智能驾驶设备100可以包括感知系统110和计算平台120,其中,感知系统110可以包括感测关于智能驾驶设备100周边的环境的信息的一种或多种传感器。例如,感知系统110可以包括定位系统,定位系统可以是全球定位系统(global positioning system,GPS),也可以是北斗系统或者其他定位系统。感知系统110还可以包括惯性测量单元
(inertial measurement unit,IMU)、激光雷达、毫米波雷达、超声雷达以及摄像装置中的一种或者多种。FIG1 is a functional block diagram of an intelligent driving device 100 provided in an embodiment of the present application. The intelligent driving device 100 may include a perception system 110 and a computing platform 120, wherein the perception system 110 may include one or more sensors for sensing information about the environment surrounding the intelligent driving device 100. For example, the perception system 110 may include a positioning system, and the positioning system may be a global positioning system (GPS), a Beidou system, or other positioning systems. The perception system 110 may also include an inertial measurement unit. One or more of an inertial measurement unit (IMU), a laser radar, a millimeter-wave radar, an ultrasonic radar, and a camera device.
智能驾驶设备100的部分或所有功能可以由计算平台120控制。计算平台120可包括一个或多个处理器,例如处理器121至12n(n为正整数),处理器是一种具有信号的处理能力的电路,在一种实现中,处理器可以是具有指令读取与运行能力的电路,例如中央处理单元(central processing unit,CPU)、微处理器、图形处理器(graphics processing unit,GPU)(可以理解为一种微处理器)、或数字信号处理器(digital signal processor,DSP)等;在另一种实现中,处理器可以通过硬件电路的逻辑关系实现一定功能,该硬件电路的逻辑关系是固定的或可以重构的,例如处理器为专用集成电路(application-specific integrated circuit,ASIC)或可编程逻辑器件(programmable logic device,PLD)实现的硬件电路,例如现场可编程门阵列(field programmable gate array,FPGA)。在可重构的硬件电路中,处理器加载配置文档,实现硬件电路配置的过程,可以理解为处理器加载指令,以实现以上部分或全部单元的功能的过程。此外,处理器还可以是针对人工智能设计的硬件电路,其可以理解为一种ASIC,例如神经网络处理单元(neural network processing unit,NPU)、张量处理单元(tensor processing unit,TPU)、深度学习处理单元(deep learning processing unit,DPU)等。此外,计算平台120还可以包括存储器,存储器用于存储指令,处理器121至12n中的部分或全部处理器可以调用存储器中的指令,以实现相应的功能。Some or all functions of the intelligent driving device 100 may be controlled by the computing platform 120. The computing platform 120 may include one or more processors, such as processors 121 to 12n (n is a positive integer). The processor is a circuit with signal processing capability. In one implementation, the processor may be a circuit with instruction reading and execution capability, such as a central processing unit (CPU), a microprocessor, a graphics processing unit (GPU) (which can be understood as a microprocessor), or a digital signal processor (DSP); in another implementation, the processor may implement certain functions through the logical relationship of a hardware circuit, and the logical relationship of the hardware circuit is fixed or reconfigurable, such as a hardware circuit implemented by an application-specific integrated circuit (ASIC) or a programmable logic device (PLD), such as a field programmable gate array (FPGA). In a reconfigurable hardware circuit, the process of the processor loading a configuration document to implement the hardware circuit configuration can be understood as the process of the processor loading instructions to implement the functions of some or all of the above units. In addition, the processor can also be a hardware circuit designed for artificial intelligence, which can be understood as an ASIC, such as a neural network processing unit (NPU), a tensor processing unit (TPU), a deep learning processing unit (DPU), etc. In addition, the computing platform 120 can also include a memory, the memory is used to store instructions, and some or all of the processors 121 to 12n can call instructions in the memory to implement corresponding functions.
图2示出了本申请实施例提供的车载系统访问控制架构图。如图2所示,该车载系统访问控制架构包括主体、信息系统、功能模型、内核服务(kernel services,KS)以及虚拟内存管理器(virtual memory manager,VMM)。其中,主体包括空中下载(over the air,OTA)升级服务、车辆历史记录(vehicle history record,VHR)、设备认证、车云通信服务、远程交互、地图更新、汽车开放系统架构(AUTomotive open system architecture,AutoSAR)标准接口、AutoSAR内部接口以及通信管理(communication management,CM)代理。信息系统中包括CM框架(CM skeleton)、操作系统(operating system,OS)内安全共享内存、OS间安全密码学身份。功能模块包括AutoSAR标准功能模块(AutoSAR native function cluster)和AutoSAR内部功能模块(AutoSAR function cluster),其中,AutoSAR标准功能模块包括AutoSAR日志模块、AutoSAR网络管理模块、AutoSAR持久化存储模块、AutoSAR执行管理模块(AutoSAR execution management,AutoSAR EM)、AutoSAR进程健康管理模块、AutoSAR密码学服务模块、AutoSAR入侵检测模块、AutoSAR时间同步模块和AutoSAR升级管理模块等;AutoSAR内部功能模块包括功耗管理模块、文件管理模块、设备管理模块和网络协议栈。KS包括可信执行环境(trusted execution environment,TEE)、内核对象(kernel object)以及异构设备,其中,TEE中包括可信应用(trusted application,TA)、密钥等。内核对象包括文件、驱动、中断、网络、内存和进程等。异构设备包括微控制单元(microcontroller unit,MCU)、加速引擎、硬件安全模块(hardware security module,HSM)、CPU、GPU等。VMM包括虚拟内存接入控制(virtual memory access control)模块以及可信安全底座。CM框架用于查询AutoSAR身份认证管理模块(AutoSAR identity and access management,AutoSAR IAM)的权限,AutoSAR标准功能模块用于查询AutoSAR IAM细粒度的访问权限(例如,键槽(keyslot))。AutoSAR IAM可以分别与ECU A和ECU B通信。FIG2 shows a diagram of the vehicle system access control architecture provided by an embodiment of the present application. As shown in FIG2 , the vehicle system access control architecture includes a subject, an information system, a functional model, kernel services (KS) and a virtual memory manager (VMM). Among them, the subject includes over the air (OTA) upgrade service, vehicle history record (VHR), device authentication, vehicle cloud communication service, remote interaction, map update, AUTomotive open system architecture (AutoSAR) standard interface, AutoSAR internal interface and communication management (CM) agent. The information system includes a CM framework (CM skeleton), secure shared memory within the operating system (OS), and secure cryptographic identities between OSs. Functional modules include AutoSAR standard function modules (AutoSAR native function cluster) and AutoSAR internal function modules (AutoSAR function cluster), among which, AutoSAR standard function modules include AutoSAR log module, AutoSAR network management module, AutoSAR persistent storage module, AutoSAR execution management module (AutoSAR execution management, AutoSAR EM), AutoSAR process health management module, AutoSAR cryptographic service module, AutoSAR intrusion detection module, AutoSAR time synchronization module and AutoSAR upgrade management module, etc.; AutoSAR internal function modules include power management module, file management module, device management module and network protocol stack. KS includes trusted execution environment (TEE), kernel object and heterogeneous devices, among which TEE includes trusted application (TA), key, etc. Kernel objects include files, drivers, interrupts, networks, memory and processes, etc. Heterogeneous devices include microcontroller unit (MCU), acceleration engine, hardware security module (HSM), CPU, GPU, etc. VMM includes a virtual memory access control module and a trusted security base. The CM framework is used to query the permissions of the AutoSAR identity and access management module (AutoSAR IAM), and the AutoSAR standard function module is used to query the fine-grained access permissions (e.g., key slot) of AutoSAR IAM. AutoSAR IAM can communicate with ECU A and ECU B respectively.
图3示出了本申请实施例提供的操作系统300的示意性框图。如图3所示,该操作系统300中可以包括多个用户态进程(例如,应用程序(application,APP)1和APP2)、内核(kernel)/可信基、虚拟内存和物理内存。例如,APP1可以作为客户端进程(或者,发起端进程),APP2可以作为服务端进程(或者,接收端进程)。通常操作系统中的两个进程之间是相互隔离的,一个进程不能直接访问另一个进程的内存地址。FIG3 shows a schematic block diagram of an operating system 300 provided in an embodiment of the present application. As shown in FIG3 , the operating system 300 may include multiple user-mode processes (e.g., application (APP) 1 and APP2), a kernel/trusted base, virtual memory, and physical memory. For example, APP1 may be used as a client process (or, an initiator process), and APP2 may be used as a server process (or, a receiver process). Usually, two processes in an operating system are isolated from each other, and one process cannot directly access the memory address of another process.
应理解,图3所示的操作系统300可以位于图1所示的计算平台120中。It should be understood that the operating system 300 shown in FIG. 3 may be located in the computing platform 120 shown in FIG. 1 .
一般操作系统的系统服务或中间件通常都在用户态构建。因为内核不能过于臃肿,否则会造成攻击面变大以及可靠性和稳定性变差的问题。所以微内核架构越来越受到主流操作系统的欢迎。在构建了中间件或较多系统服务的操作系统中,进程间通信(inter process communication,IPC)就变成了一种非常重要的通信手段。IPC的性能和安全性就成为了操作系统非常重要的指标。System services or middleware of general operating systems are usually built in user mode. Because the kernel cannot be too bloated, otherwise it will cause problems such as a larger attack surface and poor reliability and stability. Therefore, the microkernel architecture is becoming more and more popular in mainstream operating systems. In operating systems that have built middleware or more system services, inter-process communication (IPC) has become a very important means of communication. The performance and security of IPC have become very important indicators of operating systems.
例如,通过Linux内核提供的进程间通信方式(Unix domain socket,UDS)可以实现服务端进程获取客户端进程的抽象化身份信息(例如,UID、GID或者PID)。由于通过UDS传递身份信息时需要额外增加系统调用的开销。如图3所示,APP2必须花费至少一次额外的系统调用,从内核获取APP1的抽象化身份信息。这次系统调用会影响通信的时延和确定性。For example, the inter-process communication method (Unix domain socket, UDS) provided by the Linux kernel can enable the server process to obtain the abstract identity information (for example, UID, GID or PID) of the client process. Because the transmission of identity information through UDS requires additional system call overhead. As shown in Figure 3, APP2 must make at least one additional system call to obtain the abstract identity information of APP1 from the kernel. This system call will affect the latency and determinism of communication.
此外,通常的一次IPC的实现大多离不开内核或者可信基的帮助,当前的解决方案中身份信息的获
取无法和载荷数据的获取融合,需要额外的通信或者系统调用从内核获取对应进程的身份信息。同时,在车载面向服务化的场景中,抽象化的身份信息的传递不能很好地反映车载软件的服务化身份,从而为进一步访问控制的实现带来困难。In addition, the implementation of a common IPC usually requires the help of the kernel or a trusted base. The acquisition of identity information in the current solution is Access cannot be integrated with the acquisition of payload data, and additional communication or system calls are required to obtain the identity information of the corresponding process from the kernel. At the same time, in the vehicle-oriented service-oriented scenario, the transmission of abstract identity information cannot well reflect the service-oriented identity of the vehicle software, which brings difficulties to the implementation of further access control.
本申请实施例中,通过中间件的软件可信基构建身份信息的映射,并与内核的进程间通信框架整合,可以实现IPC中载荷数据和身份信息的绑定,有助于降低进程间通信的时延,也有助于提升通信的效率和确定性。In an embodiment of the present application, by constructing a mapping of identity information through the software trusted base of the middleware and integrating it with the inter-process communication framework of the kernel, the binding of payload data and identity information in IPC can be achieved, which helps to reduce the latency of inter-process communication and also helps to improve the efficiency and certainty of communication.
图4示出了本申请实施例提供的通信方法400的示意性流程图。该方法400可以由上述智能驾驶设备100执行,或者,该方法400可以由上述计算平台120执行,或者,该方法400可以由上述计算平台120中的片上系统(system-on-a-chip,SoC)执行,或者,该方法400可以由计算平台120中的处理器执行。该方法400包括:FIG4 shows a schematic flow chart of a communication method 400 provided in an embodiment of the present application. The method 400 may be executed by the intelligent driving device 100, or the method 400 may be executed by the computing platform 120, or the method 400 may be executed by a system-on-a-chip (SoC) in the computing platform 120, or the method 400 may be executed by a processor in the computing platform 120. The method 400 includes:
S410,在内核中为第一进程分配第一内存,该第一内存包括用于承载该第一进程的身份信息的内存。S410: Allocate a first memory for a first process in a kernel, where the first memory includes a memory for carrying identity information of the first process.
示例性的,该第一进程可以为客户端进程或者发起端进程。例如,该第一进程可以为图3中的应用程序1。Exemplarily, the first process may be a client process or an initiator process. For example, the first process may be the application 1 in FIG. 3 .
可选地,该方法400还包括:在该内核中为第一进程分配第二内存,该第二内存为用于承载载荷数据的内存。在从内核映射至用户态之前,可以不在该第二内存中填充载荷数据。这样可以实现载荷数据在映射过程中的零拷贝,从而有助于降低进程间通信的时延。Optionally, the method 400 further includes: allocating a second memory for the first process in the kernel, the second memory being a memory for carrying payload data. Before mapping from the kernel to the user state, the payload data may not be filled in the second memory. In this way, zero copy of the payload data during the mapping process can be achieved, thereby helping to reduce the latency of inter-process communication.
S420,将该第一进程的身份信息填入该第一内存中。S420: Fill the identity information of the first process into the first memory.
可选地,该第一进程的身份信息可以为第一进程的抽象化身份信息。Optionally, the identity information of the first process may be abstract identity information of the first process.
示例性的,该第一进程的抽象化身份信息包括但不限于UID、GID或者PID中的一个或者多个。Exemplarily, the abstract identity information of the first process includes but is not limited to one or more of UID, GID or PID.
可选地,该第一进程的身份信息可以为该第一进程的服务化身份信息。Optionally, the identity information of the first process may be service-based identity information of the first process.
示例性的,该第一进程的服务化身份信息包括但不限于用于定义该第一进程(如应用程序)的整车唯一标识信息。例如,第一进程的服务化身份信息可以包括该第一进程的部署信息(例如,应用程序所处的ECU的标识信息)。Exemplarily, the service-based identity information of the first process includes, but is not limited to, vehicle-wide unique identification information for defining the first process (such as an application). For example, the service-based identity information of the first process may include deployment information of the first process (for example, identification information of the ECU where the application is located).
可选地,该内核中保存有该第一进程的抽象化身份信息与该第一进程的服务化身份信息之间的映射关系,该方法400还包括:获取该第一进程的抽象化身份信息;根据该第一进程的抽象化身份信息以及该映射关系,确定该第一进程的服务化身份信息。Optionally, the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process. The method 400 also includes: obtaining the abstract identity information of the first process; and determining the service identity information of the first process based on the abstract identity information of the first process and the mapping relationship.
S430,对该第一内存进行映射,得到共享内存,以使得第二进程通过该共享内存获取该第一进程的身份信息。S430: Map the first memory to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory.
示例性的,该第二进程可以为服务端进程或者接收端进程。Exemplarily, the second process may be a server process or a receiver process.
可选地,该对该第一内存进行映射,包括:将该第一内存从内核映射至用户态。Optionally, mapping the first memory includes: mapping the first memory from a kernel to a user state.
可选地,该方法400还包括:在该第一进程退出时,清理该映射关系。Optionally, the method 400 further includes: when the first process exits, clearing the mapping relationship.
本申请实施例中,在第一进程退出时,可以清理内核中保存的该映射关系,有助于避免第一进程的身份信息的泄露。In an embodiment of the present application, when the first process exits, the mapping relationship saved in the kernel can be cleared, which helps to avoid leakage of the identity information of the first process.
可选地,若S410中在第一内存中填入的是第一进程的抽象化身份信息,第二进程可以通过该共享内存获取第一进程的抽象化身份信息。第二进程可以将该第一进程的抽象化身份信息发送给EM。EM可以根据该第一进程的抽象化身份信息,向第二进程发送该第一进程的服务化身份信息。Optionally, if the abstract identity information of the first process is filled into the first memory in S410, the second process may obtain the abstract identity information of the first process through the shared memory. The second process may send the abstract identity information of the first process to the EM. The EM may send the service identity information of the first process to the second process based on the abstract identity information of the first process.
可选地,该方法400还包括:根据虚拟地址页表的属性信息,控制该第一进程和该的第二进程对该第一内存的可见性。Optionally, the method 400 further includes: controlling visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
可选地,该根据虚拟地址页表的属性信息,控制该第一进程和该的第二进程对该第一内存的可见性,包括:根据该虚拟地址页表的属性信息,控制该第一进程对该第一内存不可见且控制该第二进程对该第一内存可读且不可写。Optionally, the visibility of the first process and the second process to the first memory is controlled according to the attribute information of the virtual address page table, including: according to the attribute information of the virtual address page table, the first process is controlled to be invisible to the first memory and the second process is controlled to be readable but not writable to the first memory.
本申请实施例中,通过控制第一进程对该第一内存不可见且控制第二进程对该第一内存可读且不可写,可以实现对第一进程的身份信息的保护,从而有助于有提升身份信息传递机制的安全性。In the embodiment of the present application, by controlling the first process to be invisible to the first memory and controlling the second process to be readable but not writable to the first memory, the identity information of the first process can be protected, thereby helping to improve the security of the identity information transmission mechanism.
可选地,该第一内存还包括用于承载该第一进程的载荷数据的内存,该方法400还包括:在该共享内存中填入该载荷数据,以使得该第二进程通过该共享内存获取该载荷数据。Optionally, the first memory also includes a memory for carrying payload data of the first process, and the method 400 further includes: filling the payload data in the shared memory, so that the second process obtains the payload data through the shared memory.
可选地,该第一内存包括第三内存和第四内存,该第三内存用于承载第一进程的身份信息且该四内存用于承载第一进程的载荷数据。可以在该第三内存中填入第一进程的身份信息且不在该第四内存中填入该第一进程的载荷数据。这样经过内核到用户态的映射后得到的共享内存中包括第一进程的身份信息
且不包括第一进程的载荷数据。第一进程可以在该共享内存中用于承载第一进程的载荷数据的内存中填入该第一进程的载荷数据。这样,实现了载荷数据在内存映射过程中的零拷贝。Optionally, the first memory includes a third memory and a fourth memory, the third memory is used to carry the identity information of the first process and the fourth memory is used to carry the payload data of the first process. The identity information of the first process can be filled in the third memory and the payload data of the first process is not filled in the fourth memory. In this way, the shared memory obtained after mapping from the kernel to the user state includes the identity information of the first process. And the payload data of the first process is not included. The first process can fill the payload data of the first process in the memory used to carry the payload data of the first process in the shared memory. In this way, zero copy of the payload data in the memory mapping process is achieved.
可选地,该第一内存中用于承载身份信息的内存的长度为预设长度。Optionally, the length of the memory in the first memory used to carry the identity information is a preset length.
本申请实施例中,可以实现用于承载身份信息的内存和用于承载载荷数据的内存解耦,从而可以实现用于承载身份信息的内存定长,第二进程可以快速获取该第一进程的身份信息,有助于提升进程间通信的效率,也有助于降低进程间通信的时延。同时,在从内核映射至用户态时,载荷数据全程零拷贝,也有助于进一步降低进程间通信的时延。In the embodiment of the present application, the memory used to carry identity information and the memory used to carry payload data can be decoupled, so that the fixed length of the memory used to carry identity information can be achieved, and the second process can quickly obtain the identity information of the first process, which helps to improve the efficiency of inter-process communication and also helps to reduce the latency of inter-process communication. At the same time, when mapping from the kernel to the user state, the payload data is zero-copied throughout the process, which also helps to further reduce the latency of inter-process communication.
可选地,该第二进程通过指针地址偏移获取该第一进程的身份信息。Optionally, the second process obtains the identity information of the first process through a pointer address offset.
本申请实施例中,用于承载身份信息的内存可以是定长的,这样第二进程可以通过指针地址偏移的方式快速获取第一进程的身份信息,有助于降低进程间通信的时延。In an embodiment of the present application, the memory used to carry identity information can be of fixed length, so that the second process can quickly obtain the identity information of the first process by means of pointer address offset, which helps to reduce the delay of communication between processes.
图5示出了本申请实施例提供的通信方法500的示意图。一次IPC传递的数据可以包括两个部分,例如载荷数据和通知信息,其中,载荷数据可以包括用于指示数据的内存地址的信息,接收端进程可以根据该内存地址读取数据;通知信息中可以包括发起端进程的身份信息。为了达到通信的极致性能,载荷数据可以在进程间通过零拷贝机制传递,例如共享内存。而通知信息的传递通常基于内核的某种同步机制实现,例如,管道,信号量或者socket等。本申请实施例中,身份信息的传递可以随着进程间的通知传递。FIG5 shows a schematic diagram of a communication method 500 provided in an embodiment of the present application. The data transmitted by an IPC may include two parts, such as payload data and notification information, wherein the payload data may include information indicating the memory address of the data, and the receiving process may read the data according to the memory address; the notification information may include the identity information of the initiating process. In order to achieve the ultimate performance of communication, the payload data may be transmitted between processes through a zero-copy mechanism, such as shared memory. The transmission of notification information is usually implemented based on some synchronization mechanism of the kernel, such as a pipe, a semaphore or a socket. In an embodiment of the present application, the transmission of identity information can be transmitted along with the notification between processes.
如图5所示,本申请实施例提供的进程间通信方法500可以包括如下步骤:As shown in FIG. 5 , the inter-process communication method 500 provided in the embodiment of the present application may include the following steps:
S501,执行管理模块(execution management,EM)从应用程序的配置文件获取应用程序的身份信息。S501, the execution management module (EM) obtains the identity information of the application from the configuration file of the application.
例如,该EM可以为图2所示的AutoSAR EM。EM可以用于提供应用程序在运行时所需要的环境变量,或者,也可以用于应用程序控制资源使用率。For example, the EM may be the AutoSAR EM shown in FIG2. The EM may be used to provide environment variables required by the application at runtime, or may be used by the application to control resource usage.
示例性的,图6示出了本申请实施例提供的进程间安全通信的示意图。应用程序在编译打包时可以生成配置文件,配置文件中可以包括应用程序的身份信息。For example, Fig. 6 shows a schematic diagram of secure inter-process communication provided by an embodiment of the present application. When the application is compiled and packaged, a configuration file may be generated, and the configuration file may include the identity information of the application.
可选地,应用程序的身份信息可以包括应用程序的抽象化身份信息和服务化身份信息。Optionally, the identity information of the application may include abstract identity information and service identity information of the application.
示例性的,应用程序的抽象化身份信息包括但不限于应用程序的UID、GID或者PID。Exemplarily, the abstract identity information of the application includes but is not limited to the UID, GID or PID of the application.
在通用操作系统中,进程的身份信息一般采用进程的ID表示,即PID。一些操作系统为不同的进程设置不同的UID,以UID作为进程的身份信息。由于车载场景涉及多种类型的操作系统以及多部件的整车身份体系,所以不论是PID还是UID都不能完整反映车载场景中进程的身份信息。而服务化身份信息可以更好的反应车载场景中进程的身份信息。In general operating systems, the identity information of a process is generally represented by the process ID, or PID. Some operating systems set different UIDs for different processes and use UID as the identity information of the process. Since the in-vehicle scenario involves multiple types of operating systems and a multi-component vehicle identity system, neither PID nor UID can fully reflect the identity information of the process in the in-vehicle scenario. Service-based identity information can better reflect the identity information of the process in the in-vehicle scenario.
示例性的,应用程序的服务化身份信息包括但不限于用于定义该应用程序的整车唯一标识信息。整车唯一标识信息可以是根据产品的需要定义的。例如,整车唯一标识信息中可以包括应用程序的部署信息(例如,应用程序所处的ECU的标识信息)。Exemplarily, the service-based identity information of the application includes, but is not limited to, the vehicle-wide unique identification information used to define the application. The vehicle-wide unique identification information may be defined according to product requirements. For example, the vehicle-wide unique identification information may include the deployment information of the application (e.g., the identification information of the ECU where the application is located).
示例性的,应用程序所处的ECU的标识信息可以为应用程序所处的ECU的编号。S502,EM在控制发起端进程(应用程序1)启动时,通过系统调用将进程的抽象化身份信息设置到内核的身份管理模块。Exemplarily, the identification information of the ECU where the application is located may be the serial number of the ECU where the application is located. S502, when the EM controls the start-up of the initiating end process (application 1), the EM sets the abstract identity information of the process to the identity management module of the kernel through a system call.
在车载场景中,客户端进程和服务端进程可以由EM统一拉起。EM与客户端进程和服务端进程之间均具有父子关系,所以EM具备所有进程的服务化身份信息。而这些服务化身份信息实际是源于用户静态配置的身份信息。最终这些服务化身份信息由EM注入到更高安全等级的内核中的身份管理模块中保存。In the vehicle scenario, the client process and the server process can be started by EM. EM has a parent-child relationship with the client process and the server process, so EM has the service identity information of all processes. These service identity information actually comes from the identity information statically configured by the user. Finally, these service identity information are injected by EM into the identity management module in the kernel with a higher security level for storage.
图7示出了本申请实施例提供的调用身份管理模块保存的服务化身份信息的示意图。如图7所示,EM在拉起进程时,通过系统调用将进程的抽象化身份信息设置到内核。内核中的身份管理模块可以建立进程的抽象化身份信息与服务化身份信息的映射关系。在进程退出时,EM可以通知身份管理模块完成身份信息的清理,避免资源泄露。图7中EM在拉起进程时,可以向身份管理模块发送指示信息1,该指示信息1用于指示身份管理模块建立进程的抽象化身份信息(例如,PID)与服务化身份信息(进程所处的ECU的标识信息)之间的映射关系。例如,身份管理模块在接收到该指示信息1时,可以建立进程的抽象化身份信息与服务化身份信息之间的映射关系。在进程退出时,EM可以向身份管理模块发送指示信息2,该指示信息2用于指示身份管理模块清理进程的抽象化身份信息和服务化身份信息的映射关系。例如,身份管理模块在接收到该指示信息2时,可以清理进程的抽象化身份信息和服务化身份信息的映射关系。FIG7 shows a schematic diagram of calling the service-based identity information saved by the identity management module provided in an embodiment of the present application. As shown in FIG7, when the EM starts the process, the abstract identity information of the process is set to the kernel through a system call. The identity management module in the kernel can establish a mapping relationship between the abstract identity information of the process and the service-based identity information. When the process exits, the EM can notify the identity management module to complete the cleanup of the identity information to avoid resource leakage. When the EM in FIG7 starts the process, the EM can send an indication message 1 to the identity management module, and the indication message 1 is used to instruct the identity management module to establish a mapping relationship between the abstract identity information (for example, PID) of the process and the service-based identity information (the identification information of the ECU where the process is located). For example, when the identity management module receives the indication message 1, it can establish a mapping relationship between the abstract identity information of the process and the service-based identity information. When the process exits, the EM can send an indication message 2 to the identity management module, and the indication message 2 is used to instruct the identity management module to clean up the mapping relationship between the abstract identity information of the process and the service-based identity information. For example, when the identity management module receives the indication message 2, it can clean up the mapping relationship between the abstract identity information of the process and the service-based identity information.
S503,EM控制发起端进程(应用程序1)启动。S503, the EM controls the initiator process (application 1) to start.
EM控制应用程序1启动还可以理解为EM拉起应用程序1。
EM controlling the start of application 1 can also be understood as EM launching application 1 .
S504,发起端进程(应用程序1)指示IPC驱动进行IPC初始化。S504, the initiator process (application 1) instructs the IPC driver to perform IPC initialization.
应用程序1指示IPC驱动进行IPC初始化还可以理解为应用程序1调用IPC初始化接口。如图6所示,IPC驱动句柄(IPC handle)为IPC驱动初始化的返回值。Application 1 instructing the IPC driver to perform IPC initialization can also be understood as application 1 calling the IPC initialization interface. As shown in Figure 6, the IPC driver handle (IPC handle) is the return value of the IPC driver initialization.
S505,IPC驱动接收到IPC初始化的指示,为发起端进程(应用程序1)分配通知内存块。S505, the IPC driver receives the instruction of IPC initialization and allocates a notification memory block for the initiator process (application 1).
以上通知内存块可以为上述方法400中的第一内存。The above notification memory block may be the first memory in the above method 400 .
一个实施例中,该通知内存块中可以包括身份数据内存,其中,身份数据内存可以用于承载应用程序1的身份信息。In one embodiment, the notification memory block may include an identity data memory, wherein the identity data memory may be used to carry identity information of the application 1 .
一个实施例中,该通知内存块可以包括用于承载载荷数据的内存以及该身份数据内存。In one embodiment, the notification memory block may include a memory for carrying payload data and the identity data memory.
S506,IPC驱动从身份管理模块中获取发起端进程(应用程序1)的身份信息并填入身份数据内存中。S506, the IPC driver obtains the identity information of the initiator process (application 1) from the identity management module and fills it into the identity data memory.
身份管理模块与EM建立了上述身份信息的映射关系之后,内核就具备了获取进程的抽象化身份信息的能力。当发生IPC初始化时,IPC驱动可以从身份管理模块获取应用程序1的服务化身份信息,并将IPC handle与应用程序1的服务化身份信息绑定。After the identity management module and EM establish the mapping relationship of the above identity information, the kernel has the ability to obtain the abstract identity information of the process. When IPC initialization occurs, the IPC driver can obtain the service identity information of application 1 from the identity management module and bind the IPC handle to the service identity information of application 1.
由于IPC驱动和身份管理模块均在内核,所以身份管理模块可以通过应用程序1的任务控制块(task control block,TCB)获取应用程序1的抽象化身份信息(例如,PID),进而根据上述抽象化身份信息与服务化身份信息之间的映射关系获取到EM注入的应用程序1的服务化身份信息。该服务化身份信息可以被IPC驱动模块填充到身份数据内存中。Since both the IPC driver and the identity management module are in the kernel, the identity management module can obtain the abstract identity information (e.g., PID) of application 1 through the task control block (TCB) of application 1, and then obtain the service identity information of application 1 injected by EM according to the mapping relationship between the abstract identity information and the service identity information. The service identity information can be filled into the identity data memory by the IPC driver module.
S507,IPC驱动为发送端进程(应用程序1)和接收端进程(应用程序2)进行内存映射,得到共享内存并在通信两端的IPC描述块(notification blocks)中记录该映射信息。S507, the IPC driver performs memory mapping for the sending process (application 1) and the receiving process (application 2), obtains shared memory and records the mapping information in the IPC description blocks (notification blocks) at both ends of the communication.
一个实施例中,由于身份数据内存是由IPC驱动为两端的进程映射的,所以通过控制映射的虚拟地址页表,IPC驱动可以控制该身份数据内存在两端进程的可见性。In one embodiment, since the identity data memory is mapped by the IPC driver for the processes at both ends, the IPC driver can control the visibility of the identity data memory in the processes at both ends by controlling the mapped virtual address page table.
示例性的,图8示出了本申请实施例提供的IPC驱动控制身份数据内存在两端进程的可见性的示意图。如图8所示,发起端进程(应用程序1)对该身份数据内存不可见,接收端进程(应用程序2)对该身份数据内存可读且不可写。For example, Figure 8 shows a schematic diagram of the visibility of the identity data memory in the two end processes provided by the IPC driver provided in the embodiment of the present application. As shown in Figure 8, the initiating end process (application 1) is not visible to the identity data memory, and the receiving end process (application 2) can read but not write to the identity data memory.
一个实施例中,IPC驱动通过设置虚拟地址页表的属性信息,可以控制两端进程对该身份数据内存的可见性。In one embodiment, the IPC driver can control the visibility of the identity data memory to the processes at both ends by setting the attribute information of the virtual address page table.
示例性的,IPC驱动通过设置虚拟地址页表的属性信息,可以控制应用程序1对该身份数据内存不可见且控制应用程序2对该身份数据内存可读且不可写。Exemplarily, the IPC driver can control the application 1 to be invisible to the identity data memory and control the application 2 to be readable but not writable to the identity data memory by setting the attribute information of the virtual address page table.
本申请实施例中,由于身份机制的安全性高,通信两端可以实现严格单向的零信任模型。接收端进程可以对发起端进程零信任,接收端进程可以安全高效地获取发起端进程的身份信息。In the embodiment of the present application, due to the high security of the identity mechanism, the two ends of the communication can implement a strictly one-way zero-trust model. The receiving end process can have zero trust in the initiating end process, and the receiving end process can safely and efficiently obtain the identity information of the initiating end process.
S508,发起端进程(应用程序1)在共享内存中写入载荷数据。S508, the initiator process (application 1) writes the payload data into the shared memory.
一个实施例中,在将通知内存块从内核映射至用户态后,可以得到共享内存。发起端进程(应用程序1)在共享内存中用于承载载荷数据的内存中写入载荷数据。In one embodiment, after mapping the notification memory block from the kernel to the user state, the shared memory can be obtained. The initiator process (application 1) writes the payload data into the memory used to carry the payload data in the shared memory.
一个实施例中,该载荷数据中可以包括用于指示数据的内存地址的信息。In one embodiment, the payload data may include information for indicating a memory address of the data.
S509,发起端进程(应用程序1)使用内核同步机制向接收端进程(应用程序2)发送通知。S509, the initiating end process (application 1) sends a notification to the receiving end process (application 2) using the kernel synchronization mechanism.
示例性的,该内核同步机制包括Futex机制。Exemplarily, the kernel synchronization mechanism includes a Futex mechanism.
应理解,发起端进程通过内核同步机制向接收端进程发送通知的过程可以参考现有技术中的实现方式,本申请实施例中对此不作具体限定。It should be understood that the process of the initiator process sending a notification to the receiver process through the kernel synchronization mechanism can refer to the implementation method in the prior art, and this is not specifically limited in the embodiments of the present application.
S510,接收端进程(应用程序2)通过共享内存读取发送端进程(应用程序1)的载荷数据和身份信息。S510, the receiving end process (application 2) reads the payload data and identity information of the sending end process (application 1) through the shared memory.
图9示出了本申请实施例提供的接收端进程通过指针地址偏移获取发起端进程的身份信息的示意图。IPC驱动在进行内存映射时,可以确定整个通知内存块序列的虚拟地址连续。这样,接收端进程可以简单地使用指针地址偏移进而访问身份数据内存,从而获取发起端进程的身份信息。FIG9 shows a schematic diagram of a receiving end process obtaining the identity information of an initiating end process through a pointer address offset provided by an embodiment of the present application. When the IPC driver performs memory mapping, it can determine that the virtual addresses of the entire notification memory block sequence are continuous. In this way, the receiving end process can simply use the pointer address offset to access the identity data memory, thereby obtaining the identity information of the initiating end process.
示例性的,如图9所示,通知内存块可以是定长的(例如,8KB),其中用于承载载荷数据的内存的长度可以为6KB,身份数据内存的长度可以为2KB。Exemplarily, as shown in FIG. 9 , the notification memory block may be of fixed length (eg, 8 KB), wherein the length of the memory used to carry the payload data may be 6 KB, and the length of the identity data memory may be 2 KB.
本申请实施例中,用于承载载荷数据的内存与身份数据内存之间可以进行解耦,从而可以做到身份数据内存定长,且载荷数据全程零拷贝。In the embodiment of the present application, the memory used to carry the payload data can be decoupled from the identity data memory, so that the identity data memory can be fixed-length and the payload data can be zero-copy throughout the process.
用于承载载荷数据的内存与身份数据内存在IPC初始化时一次性分配,身份数据内存在分配时一次性填充完成,无需接收端进程再次陷入内核获取发起端进程的身份信息,减少了身份传递机制在整个通
信过程中对通信性能的影响。The memory used to carry the payload data and the identity data memory are allocated once when the IPC is initialized. The identity data memory is filled once when it is allocated. The receiving process does not need to fall into the kernel again to obtain the identity information of the initiating process, which reduces the identity transmission mechanism in the entire communication. The impact of the communication process on communication performance.
一个实施例中,接收端进程(应用程序2)可以基于中间件访问控制机制和从共享内存中获取的发起端进程(应用程序1)的身份信息,验证发起端进程的访问权限。In one embodiment, the receiving end process (application 2) can verify the access rights of the initiating end process based on the middleware access control mechanism and the identity information of the initiating end process (application 1) obtained from the shared memory.
一个实施例中,在上述访问权限允许的情况下,接收端进程(应用程序2)可以获取共享内存中的载荷数据。接收端进程(应用程序2)还可以根据载荷数据中指示的数据的内存地址,访问数据内存。In one embodiment, if the access permission is allowed, the receiving end process (application 2) can obtain the payload data in the shared memory. The receiving end process (application 2) can also access the data memory according to the memory address of the data indicated in the payload data.
本申请实施例中,共享内存是由内核映射给用户态进程使用的,接收端进程被通知唤醒后,可以通过该共享内存获取发起端进程的身份信息。这样,无需接收端进程再次陷入内核来获取发送端进程的身份信息,有助于降低进程间通信的时延,也有助于提升通信的效率和确定性。In the embodiment of the present application, the shared memory is mapped by the kernel to the user-mode process for use. After the receiving end process is notified and awakened, the identity information of the initiating end process can be obtained through the shared memory. In this way, the receiving end process does not need to fall into the kernel again to obtain the identity information of the sending end process, which helps to reduce the delay of inter-process communication and also helps to improve the efficiency and certainty of communication.
本申请实施例还提供用于实现以上任一种方法的装置,例如,提供一种装置包括用以实现以上任一种方法中智能驾驶设备或者计算平台所执行的各步骤的单元(或手段)。An embodiment of the present application also provides a device for implementing any of the above methods. For example, a device is provided including units (or means) for implementing each step performed by an intelligent driving device or a computing platform in any of the above methods.
图10示出了本申请实施例提供的通信装置1000的示意性框图。如图10所示,该通信装置1000包括:FIG10 shows a schematic block diagram of a communication device 1000 provided in an embodiment of the present application. As shown in FIG10 , the communication device 1000 includes:
内存分配单元1010,用于在内核中为第一进程分配第一内存,该第一内存包括用于承载该第一进程的身份信息的内存;A memory allocation unit 1010, configured to allocate a first memory to a first process in the kernel, wherein the first memory includes a memory for carrying identity information of the first process;
数据填充单元1020,用于将该第一进程的身份信息填入该第一内存中;A data filling unit 1020, configured to fill the identity information of the first process into the first memory;
数据映射单元1030,用于对该第一内存进行映射,得到共享内存,以使得第二进程通过该共享内存获取该第一进程的身份信息。The data mapping unit 1030 is used to map the first memory to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory.
可选地,该第一进程的身份信息包括该第一进程的服务化身份信息。Optionally, the identity information of the first process includes service-based identity information of the first process.
可选地,该内核中保存有该第一进程的抽象化身份信息与该第一进程的服务化身份信息之间的映射关系,该装置1000还包括:获取单元,用于获取该第一进程的抽象化身份信息;确定单元,用于根据该第一进程的抽象化身份信息以及该映射关系,确定该第一进程的服务化身份信息。Optionally, the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process, and the device 1000 also includes: an acquisition unit for acquiring the abstract identity information of the first process; a determination unit for determining the service identity information of the first process based on the abstract identity information of the first process and the mapping relationship.
可选地,该装置1000还包括:数据清理单元,用于在该第一进程退出时,清理该映射关系。Optionally, the device 1000 further includes: a data cleaning unit, configured to clean up the mapping relationship when the first process exits.
可选地,该装置1000还包括:控制单元,用于根据虚拟地址页表的属性信息,控制该第一进程和该的第二进程对该第一内存的可见性。Optionally, the device 1000 further includes: a control unit, configured to control visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
可选地,该控制单元,用于:根据该虚拟地址页表的属性信息,控制该第一进程对该第一内存不可见且控制该第二进程对该第一内存可读且不可写。Optionally, the control unit is used to: control the first process to be invisible to the first memory and control the second process to be readable but not writable to the first memory according to attribute information of the virtual address page table.
可选地,该第一内存还包括用于承载该第一进程的载荷数据的内存,该数据填充单元1020,还用于:在该共享内存中填入该载荷数据,以使得该第二进程通过该共享内存获取该载荷数据。Optionally, the first memory also includes a memory for carrying the payload data of the first process, and the data filling unit 1020 is further used to fill the payload data in the shared memory so that the second process obtains the payload data through the shared memory.
可选地,该第二进程通过指针地址偏移获取该第一进程的身份信息。Optionally, the second process obtains the identity information of the first process through a pointer address offset.
例如,内存分配单元1010可以是图1中的计算平台或者计算平台中的处理电路、处理器或者控制器。以内存分配单元1010为计算平台中的处理器121为例,处理器121可以在内核中为第一进程分配第一内存。For example, the memory allocation unit 1010 may be the computing platform in Figure 1 or a processing circuit, processor or controller in the computing platform. Taking the memory allocation unit 1010 as the processor 121 in the computing platform as an example, the processor 121 may allocate the first memory for the first process in the kernel.
又例如,数据填充单元1020可以是图1中的计算平台或者计算平台中的处理电路、处理器或者控制器。以数据填充单元1020为计算平台中的处理器122为例,处理器122可以在处理器121在内核中分配的第一内存中填入该第一进程的身份信息。For another example, the data filling unit 1020 may be the computing platform in Figure 1 or a processing circuit, processor or controller in the computing platform. Taking the data filling unit 1020 as the processor 122 in the computing platform as an example, the processor 122 may fill the identity information of the first process in the first memory allocated by the processor 121 in the kernel.
又例如,数据映射单元1030可以是图1中的计算平台或者计算平台中的处理电路、处理器或者控制器。以数据映射单元1030为计算平台中的处理器12n为例,处理器12n可以对该第一内存进行映射,得到共享内存,以使得第二进程通过该共享内存获取该第一进程的身份信息。例如,处理器12n可以将内核态的第一内存映射至用户态,从而使得第二进程通过映射至用户态的共享内存获取第一进程的身份信息。For another example, the data mapping unit 1030 may be the computing platform in FIG1 or a processing circuit, a processor, or a controller in the computing platform. Taking the data mapping unit 1030 as the processor 12n in the computing platform as an example, the processor 12n may map the first memory to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory. For example, the processor 12n may map the first memory in the kernel state to the user state, so that the second process obtains the identity information of the first process through the shared memory mapped to the user state.
以上内存分配单元1010所实现的功能、数据填充单元1020所实现的功能和数据映射单元1030所实现的功能可以分别由不同的处理器实现,或者,也可以是部分功能由相同的处理器实现,或者,还可以所有功能均由相同的处理器实现,本申请实施例对此不作限定。The functions implemented by the above memory allocation unit 1010, the functions implemented by the data filling unit 1020 and the functions implemented by the data mapping unit 1030 can be implemented by different processors respectively, or some functions can be implemented by the same processor, or all functions can be implemented by the same processor, and the embodiments of the present application are not limited to this.
应理解以上装置中各单元的划分仅是一种逻辑功能的划分,实际实现时可以全部或部分集成到一个物理实体上,也可以物理上分开。此外,装置中的单元可以以处理器调用软件的形式实现;例如装置包括处理器,处理器与存储器连接,存储器中存储有指令,处理器调用存储器中存储的指令,以实现以上任一种方法或实现该装置各单元的功能,其中处理器例如为通用处理器,例如CPU或微处理器,存储器为装置内的存储器或装置外的存储器。或者,装置中的单元可以以硬件电路的形式实现,可以通过对硬件电路的设计实现部分或全部单元的功能,该硬件电路可以理解为一个或多个处理器;例如,在一种实
现中,该硬件电路为ASIC,通过对电路内元件逻辑关系的设计,实现以上部分或全部单元的功能;再如,在另一种实现中,该硬件电路为可以通过PLD实现,以FPGA为例,其可以包括大量逻辑门电路,通过配置文件来配置逻辑门电路之间的连接关系,从而实现以上部分或全部单元的功能。以上装置的所有单元可以全部通过处理器调用软件的形式实现,或全部通过硬件电路的形式实现,或部分通过处理器调用软件的形式实现,剩余部分通过硬件电路的形式实现。It should be understood that the division of the units in the above device is only a division of logical functions. In actual implementation, they can be fully or partially integrated into one physical entity, or they can be physically separated. In addition, the units in the device can be implemented in the form of a processor calling software; for example, the device includes a processor, the processor is connected to a memory, the memory stores instructions, and the processor calls the instructions stored in the memory to implement any of the above methods or to implement the functions of the units of the device, wherein the processor is, for example, a general-purpose processor, such as a CPU or a microprocessor, and the memory is a memory inside the device or a memory outside the device. Alternatively, the units in the device can be implemented in the form of hardware circuits, and the functions of some or all units can be realized by designing the hardware circuits. The hardware circuit can be understood as one or more processors; for example, in one implementation In the present invention, the hardware circuit is an ASIC, and the functions of some or all of the above units are realized by designing the logical relationship of the components in the circuit; for example, in another implementation, the hardware circuit can be realized by PLD, taking FPGA as an example, which can include a large number of logic gate circuits, and the connection relationship between the logic gate circuits is configured by the configuration file, so as to realize the functions of some or all of the above units. All units of the above device can be realized in the form of software called by the processor, or in the form of hardware circuit, or in part by software called by the processor, and the rest by hardware circuit.
在本申请实施例中,处理器是一种具有信号的处理能力的电路,在一种实现中,处理器可以是具有指令读取与运行能力的电路,例如CPU、微处理器、GPU、或DSP等;在另一种实现中,处理器可以通过硬件电路的逻辑关系实现一定功能,该硬件电路的逻辑关系是固定的或可以重构的,例如处理器为ASIC或PLD实现的硬件电路,例如FPGA。在可重构的硬件电路中,处理器加载配置文档,实现硬件电路配置的过程,可以理解为处理器加载指令,以实现以上部分或全部单元的功能的过程。此外,还可以是针对人工智能设计的硬件电路,其可以理解为一种ASIC,例如NPU、TPU、DPU等。In an embodiment of the present application, a processor is a circuit with the ability to process signals. In one implementation, the processor may be a circuit with the ability to read and run instructions, such as a CPU, a microprocessor, a GPU, or a DSP; in another implementation, the processor may implement certain functions through the logical relationship of a hardware circuit, and the logical relationship of the hardware circuit is fixed or reconfigurable, such as a hardware circuit implemented by an ASIC or PLD, such as an FPGA. In a reconfigurable hardware circuit, the process of the processor loading a configuration document to implement the hardware circuit configuration can be understood as the process of the processor loading instructions to implement the functions of some or all of the above units. In addition, it can also be a hardware circuit designed for artificial intelligence, which can be understood as an ASIC, such as an NPU, TPU, DPU, etc.
可见,以上装置中的各单元可以是被配置成实施以上方法的一个或多个处理器(或处理电路),例如:CPU、GPU、NPU、TPU、DPU、微处理器、DSP、ASIC、FPGA,或这些处理器形式中至少两种的组合。It can be seen that each unit in the above device can be one or more processors (or processing circuits) configured to implement the above method, such as: CPU, GPU, NPU, TPU, DPU, microprocessor, DSP, ASIC, FPGA, or a combination of at least two of these processor forms.
此外,以上装置中的各单元可以全部或部分可以集成在一起,或者可以独立实现。在一种实现中,这些单元集成在一起,以SOC的形式实现。该SOC中可以包括至少一个处理器,用于实现以上任一种方法或实现该装置各单元的功能,该至少一个处理器的种类可以不同,例如包括CPU和FPGA,CPU和人工智能处理器,CPU和GPU等。In addition, all or part of the units in the above device can be integrated together, or can be implemented independently. In one implementation, these units are integrated together and implemented in the form of a SOC. The SOC may include at least one processor for implementing any of the above methods or implementing the functions of each unit of the device. The type of the at least one processor may be different, for example, including a CPU and an FPGA, a CPU and an artificial intelligence processor, a CPU and a GPU, etc.
本申请实施例还提供了一种装置,该装置包括处理单元和存储单元,其中存储单元用于存储指令,处理单元执行存储单元所存储的指令,以使该装置执行上述实施例执行的方法或者步骤。An embodiment of the present application also provides a device, which includes a processing unit and a storage unit, wherein the storage unit is used to store instructions, and the processing unit executes the instructions stored in the storage unit so that the device executes the method or steps executed by the above embodiment.
可选地,若该装置位于智能驾驶设备中,上述处理单元可以是图1所示的处理器121-12n。Optionally, if the device is located in an intelligent driving device, the processing unit may be the processor 121 - 12n shown in FIG. 1 .
本申请实施例还提供了一种智能驾驶设备,该智能驾驶设备可以包括上述通信装置1000。An embodiment of the present application also provides an intelligent driving device, which may include the above-mentioned communication device 1000.
可选地,该智能驾驶设备可以为车辆。Optionally, the intelligent driving device may be a vehicle.
本申请实施例还提供了一种计算机程序产品,所述计算机程序产品包括:计算机程序代码,当所述计算机程序代码在计算机上运行时,使得计算机执行上述方法。The embodiment of the present application further provides a computer program product, which includes: a computer program code, and when the computer program code is executed on a computer, the computer executes the above method.
本申请实施例还提供了一种计算机可读介质,所述计算机可读介质存储有程序代码,当所述计算机程序代码在计算机上运行时,使得计算机执行上述方法。The embodiment of the present application further provides a computer-readable medium, wherein the computer-readable medium stores a program code. When the computer program code is executed on a computer, the computer executes the above method.
在实现过程中,上述方法的各步骤可以通过处理器中的硬件的集成逻辑电路或者软件形式的指令完成。结合本申请实施例所公开的方法可以直接体现为硬件处理器执行完成,或者用处理器中的硬件及软件模块组合执行完成。软件模块可以位于随机存储器,闪存、只读存储器,可编程只读存储器或者上电可擦写可编程存储器、寄存器等本领域成熟的存储介质中。该存储介质位于存储器,处理器读取存储器中的信息,结合其硬件完成上述方法的步骤。为避免重复,这里不再详细描述。In the implementation process, each step of the above method can be completed by an integrated logic circuit of hardware in a processor or an instruction in the form of software. The method disclosed in conjunction with the embodiment of the present application can be directly embodied as a hardware processor for execution, or a combination of hardware and software modules in a processor for execution. The software module can be located in a mature storage medium in the art such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, or a power-on erasable programmable memory, a register, etc. The storage medium is located in a memory, and the processor reads the information in the memory and completes the steps of the above method in conjunction with its hardware. To avoid repetition, it is not described in detail here.
应理解,本申请实施例中,该存储器可以包括只读存储器和随机存取存储器,并向处理器提供指令和数据。It should be understood that in the embodiment of the present application, the memory may include a read-only memory and a random access memory, and provide instructions and data to the processor.
还应理解,在本申请的各种实施例中,上述各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should also be understood that in the various embodiments of the present application, the size of the serial numbers of the above-mentioned processes does not mean the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。Those of ordinary skill in the art will appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Professional and technical personnel can use different methods to implement the described functions for each specific application, but such implementation should not be considered to be beyond the scope of this application.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and brevity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the aforementioned method embodiments and will not be repeated here.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division of the units is only a logical function division. There may be other division methods in actual implementation, such as multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be through some interfaces, indirect coupling or communication connection of devices or units, which can be electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需
要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected to achieve the purpose of the solution of this embodiment.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(read-only memory,ROM)、随机存取存储器(random access memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。If the functions are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, or the part that contributes to the prior art or the part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium, including several instructions for a computer device (which can be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in each embodiment of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), disk or optical disk, and other media that can store program codes.
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖。在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。
The above is only a specific implementation of the present application, but the protection scope of the present application is not limited thereto. Any technician familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the present application, which should be covered. Within the protection scope of the present application. Therefore, the protection scope of the present application shall be based on the protection scope of the claims.
Claims (21)
- 一种通信方法,其特征在于,包括:A communication method, comprising:在内核中为第一进程分配第一内存,所述第一内存包括用于承载所述第一进程的身份信息的内存;Allocate a first memory for a first process in a kernel, wherein the first memory includes a memory for carrying identity information of the first process;将所述第一进程的身份信息填入所述第一内存中;Filling the identity information of the first process into the first memory;对所述第一内存进行映射,得到共享内存,以使得第二进程通过所述共享内存获取所述第一进程的身份信息。The first memory is mapped to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory.
- 根据权利要求1所述的方法,其特征在于,所述第一进程的身份信息包括所述第一进程的服务化身份信息。The method according to claim 1 is characterized in that the identity information of the first process includes service-based identity information of the first process.
- 根据权利要求2所述的方法,其特征在于,所述内核中保存有所述第一进程的抽象化身份信息与所述第一进程的服务化身份信息之间的映射关系,所述方法还包括:The method according to claim 2 is characterized in that the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process, and the method further comprises:获取所述第一进程的抽象化身份信息;Obtaining abstract identity information of the first process;根据所述第一进程的抽象化身份信息以及所述映射关系,确定所述第一进程的服务化身份信息。The service identity information of the first process is determined according to the abstract identity information of the first process and the mapping relationship.
- 根据权利要求3所述的方法,其特征在于,所述方法还包括:The method according to claim 3, characterized in that the method further comprises:在所述第一进程退出时,清理所述映射关系。When the first process exits, the mapping relationship is cleared.
- 根据权利要求1至4中任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 4, characterized in that the method further comprises:根据虚拟地址页表的属性信息,控制所述第一进程和所述的第二进程对所述第一内存的可见性。According to the attribute information of the virtual address page table, visibility of the first process and the second process to the first memory is controlled.
- 根据权利要求5所述的方法,其特征在于,所述根据虚拟地址页表的属性信息,控制所述第一进程和所述的第二进程对所述第一内存的可见性,包括:The method according to claim 5, characterized in that controlling the visibility of the first process and the second process to the first memory according to the attribute information of the virtual address page table comprises:根据所述虚拟地址页表的属性信息,控制所述第一进程对所述第一内存不可见且控制所述第二进程对所述第一内存可读且不可写。According to the attribute information of the virtual address page table, the first process is controlled to be invisible to the first memory and the second process is controlled to be readable but not writable to the first memory.
- 根据权利要求1至6中任一项所述的方法,其特征在于,所述第一内存还包括用于承载所述第一进程的载荷数据的内存,所述方法还包括:The method according to any one of claims 1 to 6, characterized in that the first memory also includes a memory for carrying payload data of the first process, and the method further includes:在所述共享内存中填入所述载荷数据,以使得所述第二进程通过所述共享内存获取所述载荷数据。The payload data is filled in the shared memory, so that the second process obtains the payload data through the shared memory.
- 根据权利要求1至7中任一项所述的方法,其特征在于,所述第二进程通过指针地址偏移获取所述第一进程的身份信息。The method according to any one of claims 1 to 7 is characterized in that the second process obtains the identity information of the first process through a pointer address offset.
- 一种通信装置,其特征在于,包括:A communication device, comprising:内存分配单元,用于在内核中为第一进程分配第一内存,所述第一内存包括用于承载所述第一进程的身份信息的内存;a memory allocation unit, configured to allocate a first memory for a first process in a kernel, wherein the first memory includes a memory for carrying identity information of the first process;数据填充单元,用于将所述第一进程的身份信息填入所述第一内存中;A data filling unit, used to fill the identity information of the first process into the first memory;数据映射单元,用于对所述第一内存进行映射,得到共享内存,以使得第二进程通过所述共享内存获取所述第一进程的身份信息。A data mapping unit is used to map the first memory to obtain a shared memory, so that the second process obtains the identity information of the first process through the shared memory.
- 根据权利要求9所述的装置,其特征在于,所述第一进程的身份信息包括所述第一进程的服务化身份信息。The device according to claim 9 is characterized in that the identity information of the first process includes service-based identity information of the first process.
- 根据权利要求10所述的装置,其特征在于,所述内核中保存有所述第一进程的抽象化身份信息与所述第一进程的服务化身份信息之间的映射关系,所述装置还包括:The device according to claim 10, characterized in that the kernel stores a mapping relationship between the abstract identity information of the first process and the service identity information of the first process, and the device further comprises:获取单元,用于获取所述第一进程的抽象化身份信息;An acquiring unit, configured to acquire the abstract identity information of the first process;确定单元,用于根据所述第一进程的抽象化身份信息以及所述映射关系,确定所述第一进程的服务化身份信息。A determining unit is used to determine the service identity information of the first process according to the abstract identity information of the first process and the mapping relationship.
- 根据权利要求11所述的装置,其特征在于,所述装置还包括:The device according to claim 11, characterized in that the device further comprises:数据清理单元,用于在所述第一进程退出时,清理所述映射关系。A data cleaning unit is used to clean up the mapping relationship when the first process exits.
- 根据权利要求9至12中任一项所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 9 to 12, characterized in that the device further comprises:控制单元,用于根据虚拟地址页表的属性信息,控制所述第一进程和所述的第二进程对所述第一内存的可见性。A control unit is used to control visibility of the first process and the second process to the first memory according to attribute information of the virtual address page table.
- 根据权利要求13所述的装置,其特征在于,所述控制单元,用于:The device according to claim 13, characterized in that the control unit is used to:根据所述虚拟地址页表的属性信息,控制所述第一进程对所述第一内存不可见且控制所述第二进程对所述第一内存可读且不可写。 According to the attribute information of the virtual address page table, the first process is controlled to be invisible to the first memory and the second process is controlled to be readable but not writable to the first memory.
- 根据权利要求9至14中任一项所述的装置,其特征在于,所述第一内存还包括用于承载所述第一进程的载荷数据的内存,所述数据填充单元,还用于:The device according to any one of claims 9 to 14, characterized in that the first memory further includes a memory for carrying payload data of the first process, and the data filling unit is further used to:在所述共享内存中填入所述载荷数据,以使得所述第二进程通过所述共享内存获取所述载荷数据。The payload data is filled in the shared memory, so that the second process obtains the payload data through the shared memory.
- 根据权利要求9至15中任一项所述的装置,其特征在于,所述第二进程通过指针地址偏移获取所述第一进程的身份信息。The device according to any one of claims 9 to 15 is characterized in that the second process obtains the identity information of the first process through a pointer address offset.
- 一种通信装置,其特征在于,包括:A communication device, comprising:存储器,用于存储计算机程序;Memory for storing computer programs;处理器,用于执行所述存储器中存储的计算机程序,以使得所述装置执行如权利要求1至8中任一项所述的方法。A processor, configured to execute the computer program stored in the memory, so that the apparatus performs the method according to any one of claims 1 to 8.
- 一种智能驾驶设备,其特征在于,包括如权利要求9至17中任一项的装置。An intelligent driving device, characterized in that it comprises the device as claimed in any one of claims 9 to 17.
- 根据权利要求18所述的智能驾驶设备,其特征在于,所述智能驾驶设备为车辆。The intelligent driving device according to claim 18 is characterized in that the intelligent driving device is a vehicle.
- 一种计算机可读存储介质,其特征在于,其上存储有计算机程序,所述计算机程序被计算机执行时,以使得实现如权利要求1至8中任一项所述的方法。A computer-readable storage medium, characterized in that a computer program is stored thereon, and when the computer program is executed by a computer, the method according to any one of claims 1 to 8 is implemented.
- 一种芯片,其特征在于,包括电路,所述电路用于执行如权利要求1至8中任一项所述的方法。 A chip, characterized in that it comprises a circuit, wherein the circuit is used to execute the method according to any one of claims 1 to 8.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211335882.8 | 2022-10-28 | ||
| CN202211335882.8A CN117955654A (en) | 2022-10-28 | 2022-10-28 | Communication method and device and intelligent driving equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2024088194A1 true WO2024088194A1 (en) | 2024-05-02 |
Family
ID=90796768
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2023/125866 WO2024088194A1 (en) | 2022-10-28 | 2023-10-23 | Communication method and apparatus, and intelligent driving device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN117955654A (en) |
| WO (1) | WO2024088194A1 (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104572313A (en) * | 2013-10-22 | 2015-04-29 | 华为技术有限公司 | Inter-process communication method and device |
| CN104657224A (en) * | 2013-11-21 | 2015-05-27 | 华为技术有限公司 | Inter-process communication method and device |
| CN105868028A (en) * | 2015-01-23 | 2016-08-17 | 华为技术有限公司 | Method and device for sharing data between processes, and terminal |
| US9858199B1 (en) * | 2016-03-30 | 2018-01-02 | Amazon Technologies, Inc. | Memory management unit for shared memory allocation |
| CN111679921A (en) * | 2020-06-09 | 2020-09-18 | Oppo广东移动通信有限公司 | Memory sharing method, memory sharing device and terminal equipment |
| CN113495795A (en) * | 2020-04-03 | 2021-10-12 | 华为技术有限公司 | Inter-process communication method and related equipment |
-
2022
- 2022-10-28 CN CN202211335882.8A patent/CN117955654A/en active Pending
-
2023
- 2023-10-23 WO PCT/CN2023/125866 patent/WO2024088194A1/en unknown
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104572313A (en) * | 2013-10-22 | 2015-04-29 | 华为技术有限公司 | Inter-process communication method and device |
| CN104657224A (en) * | 2013-11-21 | 2015-05-27 | 华为技术有限公司 | Inter-process communication method and device |
| CN105868028A (en) * | 2015-01-23 | 2016-08-17 | 华为技术有限公司 | Method and device for sharing data between processes, and terminal |
| US9858199B1 (en) * | 2016-03-30 | 2018-01-02 | Amazon Technologies, Inc. | Memory management unit for shared memory allocation |
| CN113495795A (en) * | 2020-04-03 | 2021-10-12 | 华为技术有限公司 | Inter-process communication method and related equipment |
| CN111679921A (en) * | 2020-06-09 | 2020-09-18 | Oppo广东移动通信有限公司 | Memory sharing method, memory sharing device and terminal equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117955654A (en) | 2024-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8549288B2 (en) | Dynamic creation and hierarchical organization of trusted platform modules | |
| CN113312306B (en) | Configurable Logic Platform | |
| AU2004218703B2 (en) | Security-related programming interface | |
| CN110520847B (en) | Virtualization of control and status signals | |
| AU2011285762B2 (en) | Providing fast non-volatile storage in a secure environment | |
| CN107678835A (en) | A kind of data transmission method and system | |
| US20200320189A1 (en) | Processing method for container security policy and related apparatus | |
| US8615788B2 (en) | Method and apparatus for scalable integrity attestation in virtualization environments | |
| EP4155949A1 (en) | Method and apparatus for isolating kernel from task | |
| CN114064302B (en) | Inter-process communication method and device | |
| JP2023532324A (en) | Process execution method and apparatus | |
| WO2024088194A1 (en) | Communication method and apparatus, and intelligent driving device | |
| US20210182375A1 (en) | Device Manager Providing Resource Control and Synchronization | |
| EP4246844A1 (en) | Data packet processing method and apparatus | |
| KR102176298B1 (en) | Method and device for use to access the container | |
| US20230342087A1 (en) | Data Access Method and Related Device | |
| CN109784041B (en) | Event processing method and device, storage medium and electronic device | |
| US10635618B2 (en) | Modifying a configuration of a port hub | |
| JP6877388B2 (en) | Information processing equipment, mobiles, information processing methods, and programs | |
| CN114238236A (en) | Shared file access method, electronic device and computer readable storage medium | |
| WO2021077917A1 (en) | Memory configuration method and device, and storage medium | |
| EP3555787B1 (en) | Safe mounting of external media | |
| CN105893112A (en) | Data packet processing method and device under virtualization environment | |
| CN114064193A (en) | Method and device for creating virtual machine in cloud management platform, cloud management platform and storage medium | |
| CN112540857B (en) | Method, device and system for processing workload demonstration computing task |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 23881772 Country of ref document: EP Kind code of ref document: A1 |